Haystack
← Back to Jobs
Remote
Administrative

Senior Cyber Defense & Offensive Security Specialist (DFIR | Red Team | CTI) - Level 5

Prudent Technologies and ConsultingUnited States🇺🇸United StatesPosted 11 Jul 2026

Quick Overview

Work Type
Remote
Level
Mid Senior

Job Description

Remote position
Job Title:
Senior Cyber Defense & Offensive Security Specialist (DFIR | Red Team | CTI) Level 5


Role Overview
Threat Research Advisory team is seeking a highly skilled and versatile cybersecurity professional to lead and execute advanced Digital Forensics & Incident Response (DFIR), Offensive Security Testing, and Cyber Threat Intelligence (CTI) operations. This role requires deep technical expertise, hands-on execution capability, and the ability to operate in high-pressure incident environments while supporting proactive security initiatives.
The ideal candidate will bring a blend of forensic investigation, penetration testing, threat intelligence analysis, and automation development, with exposure to legal discovery processes and executive-level cyber risk scenarios.


Key Responsibilities 1. Digital Forensics & Incident Response (DFIR)

  • Manage and execute incident response engagements for rapid response retainers, including:
    • Unauthorized access incidents
    • Malware outbreaks and advanced threats
    • Cyber extortion and ransomware attacks
  • Perform:
    • Digital evidence acquisition and forensic analysis
    • Deleted data recovery and memory analysis
    • Malware reverse engineering
  • Operate under legal frameworks, ensuring alignment with Attorney Work Product and legal privilege requirements

2. Offensive Security & Red Team Operations

  • Conduct comprehensive penetration testing and adversary simulations, including:
    • Internal and external network testing
    • Web, cloud, mobile (iOS), and thick client assessments
    • Wireless infrastructure testing
  • Execute exploitation techniques such as:
    • SQL injection, cross-site scripting (XSS)
    • Privilege escalation and credential attacks
  • Lead Social Engineering campaigns:
    • Phishing, smishing, pre-texting
  • Perform Physical Security Assessments:
    • Facility access testing
    • RFID cloning
    • USB payload deployment

3. Cyber Threat Intelligence (CTI) & Threat Hunting

  • Monitor and analyze intelligence across:
    • Surface, deep, and dark web environments
  • Identify risks such as:
    • Stolen intellectual property
    • Brand impersonation and typosquatting
    • Credential leaks and compromise indicators
  • Develop and operationalize:
    • Automation workflows and GenAI-driven threat hunting tools
    • IOC enrichment pipelines and intelligence correlation models

4. CSIRT Operations, Labs & E-Discovery

  • Support and operate 24/7 CSIRT functions, including:
    • Alert triage and incident containment
  • Deploy and manage:
    • Network Telemetry Analysis (NTA) sensors
    • Full packet capture solutions
  • Execute E-Discovery and forensic data processing, including:
    • Predictive coding models
    • Handling and hosting Electronically Stored Information (ESI)
    • Using platforms such as Relativity and Nuix

5. Incident Preparedness & Executive Protection

  • Develop and maintain:
    • Incident Response Plans (IRPs)
    • Decision matrices and escalation protocols
    • Executive reporting frameworks
  • Conduct:
    • Ransomware simulations and breach exercises
    • Executive tabletop scenarios
  • Deliver Executive Identity Protection (EIP) services:
    • Removal of sensitive personal data from public sources and data brokers

Required Skills & Experience Technical Expertise

  • Proven experience in:
    • Multi-vector penetration testing (Network, Web, Cloud, Mobile, Wireless, Physical)
    • DFIR and compromise assessments
    • Malware analysis and reverse engineering
  • Strong proficiency with tools such as:
    • Wireshark, Nmap, Recorded Future (or equivalent CTI platforms)
  • Experience in:
    • OSINT collection and analysis
    • Network telemetry analysis

Automation & Development

  • Strong scripting and development skills in:
    • Python
    • Linux-based environments
  • Experience building:
    • Security automation tools
    • Agentic workflows and bot-driven intelligence pipelines

Forensics & Legal Discovery

  • Hands-on experience managing:
    • Electronically Stored Information (ESI)
    • Legal discovery workflows
  • Familiarity with:
    • Relativity, Nuix, or similar platforms

Certifications
Preferred certifications include:

  • Offensive Security Certified Professional (OSCP)
  • Certified Ethical Hacker (CEH)
  • GIAC Security Essentials (GSEC)
  • Additional DFIR or CTI certifications are a plus

Soft Skills & Attributes

  • Ability to operate in high-pressure incident scenarios
  • Strong analytical and investigative mindset
  • Excellent stakeholder communication, including interaction with legal counsel and executives
  • Ability to bridge offensive, defensive, and intelligence domains
  • Strong documentation and reporting skills

Similar jobs