Better experiences. Made possible by you.

Be yourself. Grow your own way. Work on interesting projects.

Senior Manager - Digital Forensics and Incident Response (DFIR)

Contract Type: Permanent WAH

Location: Windsor - ON

Date Published: 07-28-2025

Job ID: REF32742R

Company Description:

We are One Sutherland — a global team where everyone is working together to create great breakthrough solutions. Our workforce has thrived in an environment of diversity of thought, experience and background. We celebrate our diversity and embrace it whole-heartedly. Sutherland is an equal opportunity employer. We promote a positive work environment by conducting ourselves professionally and helping each other achieve our goal of One Sutherland Team, Playing to Win.

Sutherland was founded 35 years ago (1986). Since then, we have become a leading global provider of business process and technology management services offering an integrated portfolio of analytics-driven back office and customer-facing solutions that support the entire customer life cycle.

Job Description:

Position Summary

We are seeking a highly skilled DFIR Senior Manager to coordinate and execute digital forensics and incident response efforts across internal and client environments. This dual-role position requires a unique combination of deep technical expertise and exceptional communication skills.

The DFIR Manager will lead investigations into cyber incidents, coordinate with external DFIR vendors, and provide executive-ready updates and presentations to internal and external stakeholders. Additionally, the manager will oversee the threat intelligence function, aggregating and analyzing threat feeds from key vendors.

Candidates should have experience using Recorded Future, IBM X-Force, SentinelOne, or similar tools to provide insights that strengthen our security posture.

The ideal candidate will be based in the United States and have experience working with U.S. clients and vendors. This role demands fluent written and spoken English communication and a proven ability to distill and present technical findings to non-technical stakeholders.

Key Responsibilities

Incident Response & Forensics (Primary Role)

  • Lead the full lifecycle of incident response activities, from detection to resolution.
  • Coordinate response efforts with internal stakeholders and third-party vendors during high-severity incidents.
  • Act as the primary governance lead for externally managed DFIR engagements.
  • Conduct and oversee forensic investigations to determine the root cause, scope, and impact of security incidents.
  • Develop, document, and continuously improve incident response plans and playbooks.
  • Prepare client-facing reports and PowerPoint presentations for executive briefings.
  • Stay current with emerging cyber threats, tools, and techniques.
  • Participate in and help manage an on-call rotation for incident handling.
  • Support red/blue/purple team exercises and simulations.

Threat Intelligence (Secondary Role)

  • Act as the point of contact for ingesting and correlating threat intel from multiple sources (e.g., Recorded Future, IBM X-Force, SentinelOne).
  • Analyze and interpret threat actor TTPs and their relevance to the company’s risk landscape.
  • Deliver clear, concise, and actionable threat reports to internal teams and external clients.
  • Maintain dashboards and curated threat feeds aligned to the organization’s risk appetite.
  • Collaborate with SOC and detection engineering teams to develop threat detection logic and SIEM rules.
  • Manage and leverage dark web monitoring tools and threat intelligence platforms.

Qualifications:

Required Qualifications

  • 6+ years of experience in cybersecurity, including at least 3 years in incident response or DFIR roles.
  • Demonstrated experience managing third-party DFIR providers during complex investigations.
  • Strong working knowledge of forensic tools (e.g., EnCase, FTK, X-Ways), EDR (e.g., SentinelOne, CrowdStrike), and SIEM technologies (e.g., Chronicle, Splunk).
  • Proven ability to create and deliver executive-level incident reports and security briefings.
  • Experience with threat intelligence platforms such as Recorded Future, Anomali, or ThreatConnect.
  • Familiarity with MITRE ATT&CK Framework, NIST 800-61, and industry-standard IR procedures.
  • Excellent written and spoken English, with the ability to translate technical issues for business leaders.

Preferred Qualifications

  • GIAC certifications (e.g., GCFA, GCIA, GCIH) or equivalent DFIR credentials.
  • Experience working with multinational clients and regulatory frameworks (e.g., PCI-DSS, GDPR, HIPAA).
  • Exposure to managed security service environments (MSSP) or incident retainer services.
  • Bachelor’s or Master’s degree in Cybersecurity, Information Security, or related field.

Additional Information:

All your information will be kept confidential according to EEO guidelines.
