[Remote] Principal Consultant, DFIR, Reactive Services (Unit 42) - Remote

Work from home Full-time role Hiring

Note: This is a remote job open to candidates in the USA. Palo Alto Networks is a leading cybersecurity company dedicated to protecting the digital way of life. The Principal Consultant, Reactive Services role within Unit 42 involves delivering expert-level incident response and digital forensics services, acting as a technical leader on investigations, and providing actionable guidance to clients during cybersecurity incidents.

Responsibilities

  • Lead and execute digital forensics and incident response investigations across enterprise environments
  • Serve as a technical lead on incident response engagements, guiding investigative strategy and forensic analysis
  • Conduct advanced host, network, and cloud investigations to identify root cause, attacker behavior, and scope of compromise
  • Perform forensic acquisition and analysis of systems, memory, logs, and endpoint telemetry
  • Utilize industry-standard DFIR tooling and methodologies to analyze malicious activity and support incident containment
  • Collaborate with Consulting Directors and cross-functional teams to deliver high-quality client outcomes during security incidents
  • Provide clear technical findings and remediation guidance to clients and internal stakeholders
  • Maintain up-to-date knowledge of emerging threats, attacker techniques, and the evolving threat landscape
  • Support development of incident response playbooks, tools, and methodologies to improve investigation efficiency
  • Contribute to knowledge sharing and mentorship within the Unit 42 DFIR team

Skills

  • Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent practical experience
  • 6–8 years of hands-on experience in digital forensics and incident response (DFIR), security operations, or related cybersecurity disciplines
  • Demonstrated experience investigating enterprise-scale cybersecurity incidents, including ransomware, intrusion activity, or advanced persistent threats
  • Strong understanding of forensic methodologies, including evidence handling, acquisition techniques, and chain-of-custody procedures
  • Hands-on experience with industry-standard DFIR tools such as EnCase, FTK, SleuthKit, Volatility, or equivalent forensic frameworks
  • Operational experience investigating systems across major operating systems, including Microsoft Windows, Linux, and macOS
  • Strong analytical and problem-solving skills with the ability to investigate complex technical environments under pressure
  • Experience working directly with clients or internal stakeholders during security incidents
  • Experience responding to large-scale enterprise security incidents across cloud and hybrid environments
  • Knowledge of attacker techniques aligned with MITRE ATT&CK
  • Experience performing malware triage or reverse engineering
  • Background working in consulting, incident response firms, or managed detection and response environments
  • Industry certifications such as GCFA, GCFE, GCIH, CISSP, or similar
  • Strong written and verbal communication skills with the ability to translate technical findings into actionable recommendations
  • Willingness to travel up to 20% as required to support client engagements

Benefits

  • The offered compensation may also include restricted stock units and a bonus.
  • A description of our employee benefits may be found here.
  • We are committed to providing reasonable accommodations for all qualified individuals with a disability.

Company Overview

  • Palo Alto Networks is a cybersecurity company that offers cybersecurity solutions for organizations. It was founded in 2005, and is headquartered in Santa Clara, California, USA, with a workforce of 10001+ employees. Its website is http://www.paloaltonetworks.com.