As a DFIR Engagement Manager, you will serve as the critical link between our DFIR analysts, customers, and internal stakeholders during high-stakes investigations, ensuring each engagement is properly scoped, resourced, and executed to the highest standards. You will own the full lifecycle of incident response engagements — from intake and scoping through to final delivery — balancing operational rigor with a strong client-focused approach. In addition to your project management and communication leadership, you will provide hands-on technical expertise by directing analytical focus, validating team findings, and supporting forensic analysis to maintain investigative momentum.

What Will You Do?

Primary responsibilities include:

• Oversee active DFIR investigations from intake through delivery, ensuring exceptional quality, timeliness of deliverables, appropriate resource allocation, and strict adherence to incident response best practices and standard operating procedures.
• Lead business development and scoping activities — including requirements gathering and contract development — while establishing and maintaining clear communication channels with customers, internal teams, breach counsel, and cyber insurance carriers.
• Direct analytical focus, validate team findings, and manage escalations to ensure technical workstreams meet customer expectations and investigative momentum is maintained throughout the engagement.
• Maintain oversight of case documentation, evidence handling, and final artifact archival, and lead post-engagement reviews and process improvement initiatives to continuously optimize team workflows.
• Conduct technical analysis when required, assisting with endpoint forensics, log analysis, and baseline threat hunting, while maintaining flexibility to participate in weekend and holiday on-call schedules.

What Skills and Knowledge Will You Bring?

Ideal candidates will have:

• 5+ years of hands-on consulting experience in digital forensics and incident response, with a proven track record of managing complex engagements and expert-level familiarity with industry-standard forensic tools and methodologies.
• Strong project management and team leadership skills, combined with excellence in client communication, relationship management, and experience working with legal teams and cyber insurance carriers.
• Strong understanding of EDR/XDR platforms and security technologies, with demonstrated experience in endpoint-based threat hunting, compromise assessments, and cyber threat intelligence platforms and processes.
• Experience conducting malware analysis and memory forensics preferred, along with industry certifications such as GCFE, GCFA, CFCE, EnCE, or similar.
• An evident self-starter with intellectual curiosity, the ability to adapt to change, and active participation in the security community through speaking engagements or publications preferred.

Why SentinelOne?

AI is redefining how the world operates and rewriting the rules of security in real time, and SentinelOne was built for this moment. From day one, we architected an AI-native platform designed to operate at machine speed, not as an add-on to legacy systems but as the foundation itself. If you want to build where innovation and impact move together, this is that place.

We invest in our Sentinels with comprehensive, competitive benefits designed to support you and your family:

Equity & Rewards

• Restricted Stock Units (RSUs)
• Employee Stock Purchase Plan (ESPP)

Time Off & Wellbeing

• Competitive leave benefits
• Gender-neutral parental leave

Insurance & Financial Security

• Medical and insurance benefits
• Pension

Work Perks & Flexibility

• Global home office allowance

Wellness & Lifestyle

• Wellbeing allowance
• MultiSport benefit program