[Remote] Staff DFIR Investigator
Note: The job is a remote job and is open to candidates in USA. SentinelOne is redefining cybersecurity with AI-powered innovations. They are seeking a Staff DFIR Investigator to conduct digital forensic investigations and threat hunting operations for global clients, ensuring excellence in engagements and contributing to community-facing publications.
Responsibilities
• Accountable to ensure excellence in every engagement, to include scoping, forensic analysis, reporting, hunting, remediation consulting, and client communication.
• Analyze malware, exploits and other suspicious files from DFIR cases to add context and threat intelligence, including performing deep reverse engineering analysis to understand malware functionality and attack vectors.
• Perform oversight on identified IOCs and enrich context when necessary through comprehensive malware reverse engineering.
• Augment both the forensics processing pipeline and malware analysis infrastructure with new tools and scenarios to streamline reverse engineering workflows.
• Spearhead efforts to publish blogs on unique threats, relevant DFIR cases, and new forensic discoveries during incidents, with emphasis on malware reverse engineering findings.
• Contribute as a lead investigator for engagements. Manage all aspects of a breach response and containment investigation.
• Technical investigative skills must include host-based forensic analysis, EDR-driven incident response, malware analysis, memory analytics, and network log investigations.
• Provide detailed and impactful formal investigative reports, to include technical findings and security improvement recommendations.
• Work closely with the threat intelligence team to pursue attribution, identify attack trends, innovative malicious TTPs, and contribute to community-facing publications and blogs.
Skills
• 4+ years of hands-on consulting experience in threat hunting, digital forensics, and incident response.
• Malware reverse engineering skills using tools such as IDA Pro, Ghidra, x64dbg, or similar disassemblers and debuggers.
• Proficiency in static and dynamic malware analysis techniques, including unpacking, deobfuscation, and behavioral analysis.
• Experience with scripting languages (Python, PowerShell) for automation of reverse engineering tasks and malware analysis workflows.
• Advanced experience conducting dynamic malware analysis in sandboxed environments and deep understanding of the complete reverse engineering process.
• Knowledge of various malware families, attack frameworks, and ability to identify new or modified variants through reverse engineering analysis.
• Understanding of Windows/Linux internals, assembly language, and common evasion techniques employed by modern malware.
• Experience with forensic investigative software.
• Experience with EDR/XDR platforms (SentinelOne preferred).
• Experience with memory analytics (Volatility Preferred).
• Experience or knowledge of conducting endpoint based threat hunting (compromise assessments).
• Experience working with cyber threat intelligence platforms and the threat intelligence process from raw attack data to finished intel and publications.
Benefits
• Medical, Vision, Dental, 401(k), Commuter, Health and Dependent FSA
• Unlimited PTO
• Industry leading gender-neutral parental leave
• Paid Company Holidays
• Paid Sick Time
• Employee stock purchase program
• Disability and life insurance
• Employee assistance program
• Gym membership reimbursement
• Cell phone reimbursement
• Numerous company-sponsored events including regular happy hours and team building events
Company Overview
• SentinelOne is an autonomous cybersecurity solution company. It was founded in 2013, and is headquartered in Mountain View, California, USA, with a workforce of 1001-5000 employees. Its website is http://www.sentinelone.com.
Company H1B Sponsorship
• SentinelOne has a track record of offering H1B sponsorships, with 10 in 2025, 14 in 2024, 2 in 2023, 18 in 2022, 5 in 2021. Please note that this does not guarantee sponsorship for this specific role.
Apply tot his job
Apply To this Job