Staff DFIR Investigator

💰 $128k-$160k
🔒 Cybersecurity🟣 Senior

Job description

About Us

At SentinelOne, we’re redefining cybersecurity by pushing the limits of what’s possible—leveraging AI-powered, data-driven innovation to stay ahead of tomorrow’s threats.

From building industry-leading products to cultivating an exceptional company culture, our core values guide everything we do. We’re looking for passionate individuals who thrive in collaborative environments and are eager to drive impact. If you’re excited about solving complex challenges in bold, innovative ways, we’d love to connect with you.

What are we looking for?

SentinelOne’s Vigilance DFIR team conducts digital forensic investigations and threat hunting operations for global clients. Our team provides multiple levels of proactive and reactive services to our clients to include incident readiness assessments, table-top exercises, purple-team activities, full-breach investigation, malware analysis, and hunting operations. The selected candidate will be an experienced investigator and endpoint-based hunter with superior technical, malware reverse engineering, and customer services skills.

What will you do?

  • Accountable to ensure excellence in every engagement, to include scoping, forensic analysis, reporting, hunting, remediation consulting, and client communication.
  • Analyze malware, exploits and other suspicious files from DFIR cases to add context and threat intelligence, including performing deep reverse engineering analysis to understand malware functionality and attack vectors.
  • Perform oversight on identified IOCs and enrich context when necessary through comprehensive malware reverse engineering.
  • Augment both the forensics processing pipeline and malware analysis infrastructure with new tools and scenarios to streamline reverse engineering workflows.
  • Spearhead efforts to publish blogs on unique threats, relevant DFIR cases, and new forensic discoveries during incidents, with emphasis on malware reverse engineering findings.
  • Contribute as a lead investigator for engagements. Manage all aspects of a breach response and containment investigation.
  • Technical investigative skills must include host-based forensic analysis, EDR-driven incident response, malware analysis, memory analytics, and network log investigations.
  • Provide detailed and impactful formal investigative reports, to include technical findings and security improvement recommendations.
  • Work closely with the threat intelligence team to pursue attribution, identify attack trends, innovative malicious TTPs, and contribute to community-facing publications and blogs.

What skills and knowledge should you bring?

  • 4+ years of hands-on consulting experience in threat hunting, digital forensics, and incident response.
  • Malware reverse engineering skills using tools such as IDA Pro, Ghidra, x64dbg, or similar disassemblers and debuggers.
  • Proficiency in static and dynamic malware analysis techniques, including unpacking, deobfuscation, and behavioral analysis.
  • Experience with scripting languages (Python, PowerShell) for automation of reverse engineering tasks and malware analysis workflows.
  • Advanced experience conducting dynamic malware analysis in sandboxed environments and deep understanding of the complete reverse engineering process.
  • Knowledge of various malware families, attack frameworks, and ability to identify new or modified variants through reverse engineering analysis.
  • Understanding of Windows/Linux internals, assembly language, and common evasion techniques employed by modern malware.
  • Experience with forensic investigative software.
  • Experience with EDR/XDR platforms (SentinelOne preferred).
  • Experience with memory analytics (Volatility Preferred).
  • Experience or knowledge of conducting endpoint based threat hunting (compromise assessments).
  • Experience working with cyber threat intelligence platforms and the threat intelligence process from raw attack data to finished intel and publications.

Why us?

You will be joining a cutting-edge company, where you will tackle extraordinary challenges and work with the very best in the industry.

  • Medical, Vision, Dental, 401(k), Commuter, Health and Dependent FSA
  • Unlimited PTO
  • Industry leading gender-neutral parental leave
  • Paid Company Holidays
  • Paid Sick Time
  • Employee stock purchase program
  • Disability and life insurance
  • Employee assistance program
  • Gym membership reimbursement
  • Cell phone reimbursement
  • Numerous company-sponsored events including regular happy hours and team building events

This U.S. role has a base pay range that will vary based on the location of the candidate. For some locations, a different pay range may apply.  If so, this range will be provided to you during the recruiting process. You can also reach out to the recruiter with any questions.

Base Salary Range

$128,800—$160,000 USD

SentinelOne is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.

SentinelOne participates in the E-Verify Program for all U.S. based roles.

Share this job:
Please let SentinelOne know you found this job on Remote First Jobs 🙏

Latest Jobs at SentinelOne

Benefits of using Remote First Jobs

Discover Hidden Jobs

Unique jobs you won't find on other job boards.

Advanced Filters

Filter by category, benefits, seniority, and more.

Priority Job Alerts

Get timely alerts for new job openings every day.

Manage Your Job Hunt

Save jobs you like and keep a simple list of your applications.

Search remote, work from home, 100% online jobs

We help you connect with top remote-first companies.

Search jobs

Hiring remote talent? Post a job

Frequently Asked Questions

What makes Remote First Jobs different from other job boards?

Unlike other job boards that only show jobs from companies that pay to post, we actively scan over 20,000 companies to find remote positions. This means you get access to thousands more jobs, including ones from companies that don't typically post on traditional job boards. Our platform is dedicated to fully remote positions, focusing on companies that have adopted remote work as their standard practice.

How often are new jobs added?

New jobs are constantly being added as our system checks company websites every day. We process thousands of jobs daily to ensure you have access to the most up-to-date remote job listings. Our algorithms scan over 20,000 different sources daily, adding jobs to the board the moment they appear.

Can I trust the job listings on Remote First Jobs?

Yes! We verify all job listings and companies to ensure they're legitimate. Our system automatically filters out spam, junk, and fake jobs to ensure you only see real remote opportunities.

Can I suggest companies to be added to your search?

Yes! We're always looking to expand our listings and appreciate suggestions from our community. If you know of companies offering remote positions that should be included in our search, please let us know. We actively work to increase our coverage of remote job opportunities.

How do I apply for jobs?

When you find a job you're interested in, simply click the 'Apply Now' button on the job listing. This will take you directly to the company's application page. We kindly ask you to mention that you found the position through Remote First Jobs when applying, as it helps us grow and improve our service 🙏

Apply