Incident Response Expert

Incident Response Expert

Sygnia is a premier cyber technology and services company providing high-impact incident response, cyber resilience consulting, and threat hunting for leading organizations across the globe. Trusted by Fortune 100 companies and government entities alike, Sygnia draws its strength from a team of elite professionals with backgrounds in military-grade cyber operations and the global cybersecurity industry.

Sygnia is rapidly expanding its presence in the United States, growing our incident response capabilities and client base across key industries. Joining now means playing a formative role in shaping our U.S. operations while benefiting from the backing and expertise of an established global leader.

The Role

We are seeking a highly skilled and motivated Incident Response Expert to join our elite global team. In this role, you will lead and participate in complex forensic investigations and incident response engagements involving sophisticated cyberattacks, ransomware events, and nation-state activity. Your expertise will play a critical role in helping Sygnia's clients understand, contain, and recover from cyber incidents while preserving business continuity and mitigating risk.

What You'll Do

• Work with a team to conduct end-to-end forensic investigations, including log analysis, host and network forensics, malware triage, and memory analysis.
• Support response efforts for major cybersecurity incidents, collaborating closely with internal and external security and IT teams.
• Perform threat hunting activities in client environments to detect and eliminate advanced persistent threats.
• Identify Indicators of Compromise (IOCs) and attacker Tactics, Techniques, and Procedures (TTPs) using frameworks like MITRE ATT&CK.
• Analyze a wide variety of data sources (endpoint, network, SIEM, etc.) to build a clear picture of the attacker's actions and impact.
• Leverage and contribute to Sygnia's internal investigation tools, playbooks, and threat intelligence platforms.
• Communicate investigation results effectively to both technical stakeholders and executive leadership.
• Develop and present high-quality technical reports, timelines, and strategic recommendations to clients.
• Support the continuous improvement of internal methodologies, tooling, and knowledge sharing within the team.

What We're Looking For

• 3+ years of hands-on experience in incident response, digital forensics, threat hunting, or cyber investigations—whether from the private sector, military, or government.
• Deep technical understanding of operating systems (Windows, Linux, macOS), file systems, registry and memory structures, and log analysis.
• Proficiency in network fundamentals and common protocols (DNS, SMB, etc.) and network traffic analysis (e.g., PCAP review).
• Experience with tools such as EnCase, X-Ways, FTK, Velociraptor, Splunk, or Wireshark, and EDR platforms like CrowdStrike, SentinelOne, or Microsoft Defender.
• Competency in scripting or automation (e.g., Python, PowerShell) to support investigations.
• Familiarity with cloud environments (AWS, Azure, GCP) and related forensic techniques is a plus.
• Excellent written and verbal communication skills; able to clearly convey complex technical topics to diverse audiences.
• Strong analytical thinking, attention to detail, and ability to work under pressure in time-sensitive environments.
• Willingness to travel.

Bonus Points For

• Industry-recognized certifications (e.g., GCFA, GCIH, GNFA, GCIA, GREM, CISSP).
• Experience responding to ransomware, business email compromise (BEC), and advanced threat actor incidents.
• Experience presenting findings to legal counsel, regulators, or board-level stakeholders.
• Multilingual skills and experience in multinational or cross-cultural environments.
• A degree in Computer Science, Information Security, or a related field; or equivalent education or training in cybersecurity

Why Sygnia

• Be part of Sygnia's continued growth in the U.S., with opportunities to influence how we scale our team, capabilities, and operations in a rapidly expanding market.
• Work with some of the best minds in cybersecurity on the world's most high-impact cases.
• Operate in a fast-paced, elite-tier environment where your technical expertise is trusted and valued.
• Take part in meaningful, challenging work that directly shapes the outcomes for Fortune 500 organizations.
• Grow your career while staying hands-on in incident response and mentoring a highly capable team.