×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Information Security IT Consultant

Consultant, DFIR, Reactive Services; Unit

Job in Santa Clara, Santa Clara County, California, 95050, USA
Listing for: Palo Alto Networks
Full Time position
Listed on 2026-06-28
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, IT Consultant
Job Description & How to Apply Below
Position: Consultant, DFIR, Reactive Services (Unit 42)

Consultant, Reactive Services

The Consultant, Reactive Services is an individual contributor role within Unit 42, responsible for supporting digital forensics and incident response engagements across a wide range of client environments.

In this role, you will work alongside Senior Consultants, Principal Consultants, and Consulting Directors to investigate cybersecurity incidents, perform forensic analysis, and help organizations respond to and recover from security events. You will contribute technical expertise during active investigations while continuing to build advanced DFIR capabilities in fast-paced client environments.

This position is ideal for a DFIR practitioner who enjoys hands-on technical investigations, problem-solving, and working directly with clients during high-impact cybersecurity incidents.

Key Responsibilities

  • Support and execute digital forensics and incident response investigations across enterprise environments.
  • Conduct forensic analysis of endpoints, systems, logs, and cloud environments to identify attacker activity and scope of compromise.
  • Assist with host, network, and cloud investigations during active security incidents.
  • Perform forensic acquisition and preservation of evidence following industry best practices and chain-of-custody procedures.
  • Utilize industry-standard DFIR tools and methodologies to investigate malicious activity and support containment efforts.
  • Collaborate with senior consultants and engagement teams to deliver high-quality client outcomes during incident response engagements.
  • Document technical findings, timelines, and investigative results for both internal and client-facing reporting.
  • Provide remediation recommendations and support clients throughout the incident response lifecycle.
  • Maintain awareness of emerging threats, attacker techniques, and evolving cybersecurity trends.
  • Support the development of internal DFIR processes, playbooks, and knowledge sharing initiatives within the Unit 42 team.

Qualifications

Required Qualifications

  • Bachelor's degree in Computer Science, Information Security, or related field, or equivalent practical experience.
  • 3–5 years of hands-on experience in digital forensics and incident response (DFIR), security operations, SOC, or related cybersecurity disciplines.
  • Experience supporting investigations involving ransomware, intrusion activity, phishing, malware, or unauthorized access incidents.
  • Foundational understanding of forensic methodologies, evidence handling, acquisition techniques, and chain-of-custody procedures.
  • Hands-on experience with DFIR tooling such as EnCase, FTK, Sleuth Kit, Volatility, or equivalent forensic frameworks.
  • Experience working across major operating systems including Microsoft Windows, Linux, and macOS.
  • Strong analytical and problem-solving skills with the ability to work through technical investigations in high-pressure environments.
  • Ability to communicate technical findings clearly to both technical and non-technical stakeholders.
  • Experience working collaboratively within incident response or security operations teams.

Preferred Qualifications

  • Experience supporting enterprise incident response investigations across cloud or hybrid environments.
  • Familiarity with attacker behaviors and frameworks such as MITRE ATT&CK.
  • Exposure to malware analysis, threat hunting, or endpoint investigations.
  • Background working within consulting, managed security services, MDR, or incident response-focused organizations.
  • Industry certifications such as GCIH, GCFA, GCFE, Security+, CISSP, or similar.
  • Strong written and verbal communication skills.
  • Willingness to travel up to 20% as needed to support client engagements

Compensation Disclosure

The compensation offered for this position will depend on qualifications, experience, and work location. For candidates who receive an offer at the posted level, the starting base salary (for non-sales roles) or base salary + commission target (for sales/com-missioned roles) is expected to be the annual range listed below. The offered compensation may also include restricted stock units and a bonus.

A description of our employee benefits may be found here.

$ - $/yr

Our Commitment

We're trailblazers…

To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search