Job Description
Lead hands-on Digital Forensics & Incident Response (DFIR) engagements for active security incidents in Microsoft-centric environments. In addition to DFIR, you will help deliver and mature our Managed Endpoint for Microsoft Defender service—owning policy, posture management, and security hardening across customer environments. You will run investigations end-to-end (scoping, containment, remediation, recovery) and act as the senior technical authority during high-severity incidents within our MDR operations.
Key Responsibilities
- Lead high-severity incident response (ransomware, identity compromise, BEC, cloud intrusions)
- Investigate and respond using Microsoft Defender (Endpoint, Identity, O365, Cloud Apps) and Entra ID
- Perform deep endpoint, identity, email, and cloud investigations; build attacker timelines
- Scope compromise, contain threats, and guide remediation and recovery
- Deliver
Ready to Apply?
Take the next step in your AI career. Submit your application to Xcitium today.