Work with Us

Interested in applying for this position?

Email us at with your cover letter and resume.

Digital Forensics and Incident Response Director

Position Summary

As part of our digital forensics and incident response team, this role will lead investigatory and incident response efforts alongside other members of the team. In the fast-paced cyber industry, this position requires a willingness to travel (up to 20%) and strong, well-developed analytic, qualitative, and quantitative reasoning skills and demonstrated creative problem-solving abilities. The right candidate will be obsessed with accuracy but still able to get relevant results to clients ahead of schedule; be able to triage multiple cases; function in a highly confidential environment; and be able to explain highly technical findings to non-technical executives.

Desired Characteristics:

  • Confidence and strong experience responding to data breaches
  • Counsel clients in distress and provide containment / remediation guidance.
  • Form and articulate expert opinions based on analysis to then produce high-quality oral and written correspondence and reporting, presenting complex technical matters clearly and concisely.
  • Support the mentorship and technical development of junior staff.
  • Create strategic and efficient processes for common investigations and deliverables.
  • Investigate network intrusions and other cybersecurity incidents to determine root cause and the extent of the incident. Includes ability to perform host-based and network-based analysis across all major operating systems and network device platforms.
  • Preserve, harvest and analyze data from electronic data sources, including laptop and desktop computers, servers, and mobile devices.
  • Develop and refine policies and procedures for forensic and malware analyses.
  • Research, develop, and recommend hardware and software needed for incident response and help develop and maintain policies and procedures to analyze digital evidence.
  • Collaborate with the cyber risk management team in technical meetings and working groups to address issues related to cybersecurity and incident preparedness and ability to create targeted remediation plans for clients who have been compromised.
  • Experience working directly with C-suite professionals, senior attorneys, and government regulators
  • Someone highly responsive to customer needs and deadlines, and with no compromise in work quality.

Basic Qualifications:

  • 5-7 years’ professional experience in network and/or cyber investigations, incident response or forensics
  • Experience in a professional services firm handling law firm clients
  • Lead the case management efforts from scoping calls to report delivery.
  • Liaison with external counsel and partners
  • Ability to manage multiple projects and train/ mentor staff
  • Relevant industry certifications are a plus: GIAC Certified Incident Handler (GCIH); GIAC Certified Intrusion Analyst (GCIA); GIAC Reverse Engineering Malware (GREM); GIAC Certified Forensic Analyst (GCFA); GIAC Certified Forensic Examiner (GCFE); Encase Certified Examiner (EnCE)
  • Experience with forensic processes and procedures (chain of custody, computer acquisition techniques, and memory acquisition techniques
  • Advanced working knowledge of forensic tools (e.g. Axiom, Encase, FTK, BlackLight)
  • Experience with Unix, Linux, Mac, and Windows systems, and an admin level understanding of networking, firewalls, and the various protocols involved in data sharing and communications (e.g. how protocols work, their common ports, and common usage)
  • Working knowledge of current data collection, storage, and chain of custody best practices
  • Excellent reporting skills (both written and verbal)
  • Experience presenting findings and recommendations to C-level executives, law enforcement, and outside counsel
  • Knowledge of common malware persistence mechanisms
  • Experience identifying and triaging malware
  • Ability to support business development efforts
  • Strategic mindset but also detail-oriented and hands-on ability to lead high-level discussion on DFIR technology strategy and approach both internally and externally
  • Ability to manage clients, lead meetings, and manage multiple project teams concurrently
  • Ability to quickly develop and maintain rapport with clients
  • Demonstrated ability to cross-sell or upsell existing clients and generate new business
  • Experience managing complex budgets
  • Ability to allocate staff to various projects quickly and efficiently
  • Willingness to travel as required (up to 20%) to support leadership, customer briefings, planning and other activity as needed
  • Experience working on Business Email Compromise and Ransomware incidents.
  • Experience with cloud infrastructures for the enterprise, such as Amazon Web Services, G Suite, Office 365, and Azure.Experience with conducting log analysis of Windows Event Logs, Apache, IIS, packet capture systems, and firewall logs.
  • Experience with command line tools (grep, sed, awk, powershell), python, and other programming languages.
  • Familiarity with computer system hardware and software installation and troubleshooting.


  • Collaborative, hard-working, energetic team culture
  • Excellent benefits – Vision, Medical, and Dental
  • 401K with company match
  • Unlimited PTO/time off policy
  • Bonuses for stellar performance

About Gillware

Gillware provides incident response, digital forensics, cybersecurity, and data recovery services to legal and insurance professionals, corporate IT, in-house security teams, law enforcement, and everything in between. Founded in 2003, Gillware supports a global network of partners and clients from its offices in Madison and Milwaukee, WI. Gillware’s digital forensics operation is led by Cindy Murphy, a leading forensics investigator and educator with over two decades of professional experience in the field. Gillware’s team of computer scientists, researchers and investigators leverage years of experience and state-of-the art tools to deliver unparalleled results in the most challenging cyber security, digital forensics and disaster recovery scenarios.