At One eSecurity, we are a market-leading specialist in Threat Detection and Digital Forensics & Incident Response (DFIR). Our commitment to excellence, innovation, and passion drives everything we do
We’re looking for a top-tier, fully remote cybersecurity professional with 7+ years of experience in DFIR. If you have a sharp eye for advanced threats and hands-on expertise in incident response, join us and make an impact!
Keys responsibilities:
- Lead complex cyber incident investigations across enterprise, cloud, and hybrid environments.
- Coordinate and provide technical leadership during high-severity incidents, including ransomware, intrusions, insider threats, and APT activity.
- Perform advanced digital forensics, threat hunting, malware triage, and root cause analysis across endpoints, networks, cloud, and identity platforms.
- Develop detection strategies and improve detection coverage aligned with adversary TTPs and MITRE ATT&CK.
- Translate threat intelligence into actionable detections, hunting hypotheses, and incident response playbooks.
- Mentor analysts and support incident response operations across Tier 1–3 teams.
- Lead post-incident reviews and contribute to continuous improvement of IR processes, tooling, and operational standards.
- Produce high-quality technical and executive-level reports and recommendations.
- Drive automation and operational efficiency through scripting and security engineering improvements.
Requiered experience & qualifications:
- 7+ years of experience in DFIR, Incident Response, Threat Hunting, SOC, or related cybersecurity functions.
- Strong experience leading complex cyber incident investigations in enterprise environments.
- Deep understanding of attacker TTPs, intrusion methodologies, and modern threat actor tradecraft.
- Hands-on investigation experience across:
- Windows, Linux, and macOS
- Active Directory / Entra ID
- AWS, Azure, or GCP
- Microsoft 365 / Google Workspace
- Enterprise EDR/XDR platforms
- Strong analytical, communication, and problem-solving skills.
- Ability to operate effectively under pressure and communicate with both technical and executive stakeholders.
- Experience mentoring analysts and leading technical response activities.
Technical skills:
- DFIR & Endpoint Forensics (Velociraptor, GRR, KAPE, Volatility, FTK, EnCase, X-Ways, Volatility, Axiom)
- Deep knowledge of raw forensic artifacts and operating system internals (Windows, Linux, macOS), with the ability to manually parse and validate artifacts independently of commercial DFIR tooling (MFT, Registry, EVTX, Prefetch, Amcache, Shimcache, SRUM, USN Journal, browser artifacts, memory structures, file system metadata, and timeline reconstruction)
- Detection Engineering & Threat Hunting
- SIEM/XDR and EDR platforms
- Network traffic analysis and network forensics
- Malware triage and reverse engineering
- Scripting and automation (Python, PowerShell, Bash)
- Cyber Threat Intelligence and ATT&CK-based detection methodologies
Nice to have
- Experience in regulated or critical infrastructure environments.
- Experience supporting global incident response operations.
- Offensive security or adversary emulation experience.
Certifications
GCFA, GCIH, or equivalent certifications are highly valued.
Languages
- English and Spanish(required)
What We Offer
What makes us different from other companies?
- Exciting professional DFIR projects for the largest corporations across the globe.
- Flexible schedules and tele-working.
-A top team of highly recognized professionals in the field.
- An attractive salary.