Forensic Team Lead

The Mission

We are not looking for someone who simply monitors dashboards or waits for alerts.

We are looking for a highly experienced Forensics Team Lead who has a proven track record of identifying and investigating sophisticated cyber threats in real-world environments. In this role, you will lead a specialized forensics function, operating at the core of our cloud-native infrastructure to proactively detect, investigate, and neutralize advanced adversaries.

You will go beyond tools and predefined alerts-leveraging raw data, custom analysis, and forward-thinking strategies to stay ahead of attackers.

What You'll Do

• Lead & Build:
  Establish and lead the digital forensics function. Build and mentor a high-performing team of investigators, setting standards for excellence and rigor.

• Proactive Threat Hunting:
  Conduct advanced threat hunting activities across cloud environments to detect sophisticated attacks, including APTs and stealth intrusions.

• Retrospective Analysis:
  Perform deep historical investigations for newly discovered vulnerabilities, validating whether they were previously exploited and assessing potential impact.

• Data-Driven Investigations:
  Analyze diverse data sources such as VPC flow logs, audit trails, and system artifacts. Adapt to new data formats and scenarios without relying solely on vendor tooling.

• Incident Response Leadership:
  Lead forensic investigations during active security incidents, transforming complex data into clear insights and actionable response plans.

• Automation & Innovation:
  Develop and leverage automation (e.g., Python, AI-driven tooling) to streamline forensic workflows and enhance investigative capabilities.

Your Profile (Must-Have Qualifications)

• Extensive Forensics Experience:
  5+ years in digital forensics, incident response, or threat hunting, with a demonstrated ability to uncover and investigate complex security incidents.

• Cloud Security Expertise:
  Strong experience investigating security events in cloud environments, including working with audit logs, identity systems, and infrastructure telemetry.

• Technical & Coding Skills:
  Proficiency in scripting or programming (e.g., Python) to build custom tools, automate analysis, and handle non-standard data formats.

• Analytical Mindset:
  Ability to think critically and approach problems from an attacker's perspective, identifying hidden patterns and potential attack paths.

• Deep Investigation Approach:
  Treat vulnerabilities as potential incidents-conducting thorough historical analysis to confirm whether exploitation has occurred.

• Leadership Under Pressure:
  Proven ability to lead teams during high-pressure situations, maintaining clarity, focus, and effective decision-making.

What Makes You Stand Out

• You approach every situation with a "assume compromise until proven otherwise" mindset

• You rely on evidence and verifiable insights, not assumptions

• You are skilled in timeline reconstruction and root cause analysis

• You remain calm and decisive during critical incidents

• You combine technical depth with investigative intuition

Why Join Us

You will play a critical role in shaping and leading a next-generation forensics capability, working on complex, high-impact security challenges in a fast-paced, cloud-first environment. This is an opportunity to build, lead, and make a tangible impact on the organization's security posture.