DFIR Team Lead

Requisition ID:  239000

Requisition Posting End Date: 11/06/2021


Project Overview:

Want to work in an agile, fast-paced incident response team? Bechtel is looking for people who want to change the landscape of a traditional incident response team. Does the idea of having independent research time appeal to you? Are you looking for an exciting career opportunity based in the casual environment of Glendale, AZ? If so, we need to hear from you! (Remote applicants will be considered.)


We are growing our next-generation computer security incident response team for our global enterprise, and you can be a critical part of this fast-paced and exciting team. We are seeking information security specialists who have expertise in network security monitoring, host forensics, reverse engineering, and incident response.


The ideal candidate will have a creative and open mind, bring a fresh perspective to a new incident response team, and be passionate about protecting, defending, and responding to computer-related incidents.


As the Lead Forensics Engineer, you will be managing a team to analyze endpoint systems using modern forensics tools, handling technical aspects of ethics and compliance investigations, and improving and innovating in the field of forensics. You will be working with enterprise forensic systems, log analysis systems, and network collection systems to respond to incidents on a global scale. You will work with industry-respected security professionals to coordinate a best-in-class response to computer-related incidents. If you have worked in the information security field and feel the need for technical and leadership growth, this is the right position for you.


Skills and Qualifications:

Basic Qualifications:

  • Bachelor of science degree or equivalent experience
  • Professional and/or academic publications
  • Expert witness testimony experience in at least three trials
  • Teaching experience at an accredited academic institution or for a forensics consulting service


Required Skills:

  • Strong analytical, documentation, and communication skills
  • Familiarity with Windows, Apple, and Linux based operating systems (e.g. Windows 10, 7, Server 2003, 2008, OS X)
  • 10+ years of experience in information security
  • 5+ years of experience working on a computer security incident response team
  • Strong skills in forensic analysis for Windows, Mobile (iOS/Android), Mac OS X, and Linux
  • Experience with 3 or more tools: Google Rapid Response, EnCase Enterprise, CounterTack Sentinel, Volatility, Rekall, MIR, Carbon Black
  • Strong understanding of Windows internals
  • Proficiency in automating forensic analysis and custom tool development
  • Created indicators of compromise (Mandiant IOC or MITRE’s MAEC)


Desired Skills:

  • Experience with version control software (e.g. Git, SVN, Mercurial, CVS, CMVC)
  • Encyclopedic knowledge of Windows file systems
  • Knowledge of two or more of the following languages: Python, C, C++, C#, Objective-C, TCL, Ruby, OCaml, Assembly (x86, x86_64, ARM, PowerPC, MIPS, SPARC architectures), Bash scripting, Forth, EnScript, Whitespace, or Prolog

Shaping tomorrow together

Bechtel is one of the most respected global engineering, construction, and project management companies. Together with our customers, we deliver landmark projects that foster long-term progress and economic growth. Since 1898, we’ve completed more than 25,000 extraordinary projects across 160 countries on all seven continents. We operate through four global businesses: Infrastructure; Nuclear, Security & Environmental; Energy; and Mining & Metals. Our company and our culture are built on more than a century of leadership and a relentless adherence to our values, the core of which are safety, quality, ethics, and integrity. These values are what we believe, what we expect, what we deliver, and what we live.

Bechtel is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity and expression, age, national origin, disability, citizenship status (except as authorized by law), protected veteran status, genetic information, and any other characteristic protected by federal, state or local law.

In accordance with Bechtel's duty to provide and maintain a safe workplace for our employees and to safeguard the health of our families, customers, and visitors, we have adopted mandatory COVID-19 safety protocols for each work location, which may include a vaccination or testing requirement. Please speak with your Bechtel recruiter to determine which protocols apply to the work location for the job you are seeking.