Senior Director, Digital Forensics and Incident Response

Remote
Full Time
DFIR
Senior Manager/Supervisor

Role: Senior Director, Digital Forensics & Incident Response
Location: Remote, US
Work Authorization: US Citizenship Required

BlueVoyant is seeking a Senior Director, DFIR to lead high-impact cyber investigations and act as incident commander during complex, high-pressure security incidents.

This is a client-facing leadership role responsible for guiding organizations through critical moments—from initial response through investigation, containment, and recovery—while advising executives, legal counsel, and technical teams.


What You’ll Do:

  • Act as incident commander for complex DFIR engagements end-to-end
  • Serve as the primary client lead, advising executives, legal counsel, insurers, and stakeholders
  • Lead investigations across ransomware, BEC, cloud/identity compromise, insider threat, and advanced attacks
  • Direct forensic analysis across endpoints, cloud, identity, SaaS, email, and network environments
  • Translate technical findings into clear business risk and remediation guidance
  • Lead executive briefings, client updates, and post-incident reviews
  • Manage multiple concurrent incidents in fast-paced, high-pressure environments
  • Mentor and develop DFIR consultants and technical teams
  • Support incident readiness, tabletop exercises, and client growth initiatives

What You Bring:

  • 3–5 years of hands-on DFIR experience in real-world incidents
  • 6–10 years in client-facing consulting, incident response, or cyber advisory roles
  • Proven experience as an incident commander or senior DFIR lead
  • Strong background in ransomware, cloud/identity compromise, and complex attack investigations
  • Experience working directly with executives, legal counsel, insurers, and technical teams
  • Ability to manage multiple stakeholders, workstreams, and timelines under pressure
  • Leadership experience mentoring or managing technical teams

Technical Expertise:

  • Strong knowledge across endpoint, cloud, identity, SaaS, and network forensics
  • Experience with tools such as EnCase, FTK, Magnet AXIOM, Velociraptor, Splunk, Sentinel, CrowdStrike (or similar)
  • Familiarity with Microsoft 365, Entra ID, Azure, AWS, Okta, Google Workspace
  • Understanding of attacker tradecraft, including persistence, lateral movement, and data exfiltration
  • Working knowledge of KQL, SPL, SQL, PowerShell, Python, or Bash

Leadership & Communication:

  • Exceptional communication skills—able to translate technical issues into business impact
  • Strong judgment in high-stress, ambiguous environments
  • Composed, credible, and client-focused under pressure
  • Collaborative leader with a focus on quality, mentorship, and outcomes

Nice to Have:

  • Experience working with breach counsel, insurers, or regulators
  • Incident readiness, tabletop, or IR planning experience
  • Certifications such as CISSP, GCFA, GCIH, GCFE, GNFA, OSCP

Education:

Bachelor’s degree preferred (Cybersecurity, Computer Science, DFIR, or related), or equivalent professional experience.
 

Why BlueVoyant?

  • Work alongside experienced DFIR leaders and experts, including former government cyber professionals and industry veterans.
  • Lead high-impact, global cyber investigations, supporting clients through critical, business-defining incidents
  • ​​​​Gain exposure to complex environments, executive stakeholders, and advanced threat scenarios across industries
  • Join a global, mission-driven cybersecurity company defending organisations worldwide with cutting-edge data, technology, and expertise
  • Competitive compensation and comprehensive benefits package, with support for wellbeing, development, and career growth


About BlueVoyant

BlueVoyant is an AI-driven cybersecurity company dedicated to standing between our customers and cyber threats. By combining human, artificial, and proprietary intelligence, we deliver a unified solution that protects every organization’s network, identities, vendors, and digital footprints as a single attack surface. The company’s award-winning Microsoft Security expertise helps organizations maximize their security investments while reducing risk and ensuring compliance. 

Led by CEO, John Hernandez, BlueVoyant’s highly skilled team includes former government cyber officials with extensive frontline experience in responding to advanced cyber threats on behalf of the National Security Agency, Federal Bureau of Investigation, Unit 8200, and GCHQ, together with private sector experts. BlueVoyant services utilize large real-time datasets with industry leading analytics and technologies. 

Founded in 2017 by Fortune 500 executives, including Chairman of the Board, Jim Rosenthal, Vice Chairman, Tom Glocer, and former Government cyber officials, BlueVoyant is headquartered in New York City and has offices in Maryland, Tel Aviv, San Francisco, London, Budapest, and Latin America and is committed to building a workplace where talented people are empowered to do their best work in the fight against global cyber threats.. 

Important Information for Applicants 

BlueVoyant uses AI-assisted tools within our applicant tracking system to help identify candidates whose experience and skills best match the requirements of a role. This technology provides hiring teams with added insights to support fair and efficient hiring decisions. All applications are reviewed by a member of our hiring team, and final hiring decisions are made by humans, not AI. By submitting your application, you acknowledge that AI tools may assist in the evaluation of your resume as part of the recruitment process. 

While we embrace the use of AI within our business and recruitment process, we do not permit its use during interviews. Any suspected use of AI during an interview will be challenged, and this may include the use of detection tools. 

For more information on how we process your personal data, please review our Candidate Privacy Notice available at https://www.bluevoyant.com/candidate-privacy-notice

All employees must be authorized to work in the United States of America.  BlueVoyant provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability, or genetics. In addition to federal law requirements, BlueVoyant complies with applicable state and local laws governing non-discrimination in employment in every location in which the company has facilities.

Disclaimer: Please note that pursuant to contractual requirements and applicable law, for employees to perform work on some of the company’s federal contracts, U.S. citizenship is required. Accordingly, an employee’s ability to perform work on such contracts is contingent upon the company’s verification of the employee’s citizenship status. 

Interview Expectations

As part of our interview process, we assess your experience through real-time discussion, so we expect responses to be your own. While we support the use of AI in our business, it is not permitted during interviews, and any suspected use may be challenged, including through detection methods.

BlueVoyant Candidate Privacy Notice

To understand how we secure and manage your personal data upon submitting a job application, please see our Candidate Privacy Notice, which can be found here - Candidate Privacy Notice

Share

Apply for this position

Required*
We've received your resume. Click here to update it.
Attach resume or Paste resume
Attach resume as .pdf, .doc, .docx, .odt, .txt, or .rtf (limit 5MB) or Paste resume

Paste your resume here or Attach resume file

To comply with government Equal Employment Opportunity and/or Affirmative Action reporting regulations, we are requesting (but NOT requiring) that you enter this personal data. This information will not be used in connection with any employment decisions, and will be used solely as permitted by state and federal law. Your voluntary cooperation would be appreciated. Learn more.
Human Check*