Senior Manager Digital Forensics and Incident Response (DFIR)

extra holidays - extra parental leave
Work set-up: Full Remote
Contract:
Experience: Senior (5-10 years)
Work from:

Offer summary

Qualifications:

  • Minimum 6 years of cybersecurity experience, with at least 3 years in incident response or DFIR roles.
  • Proficiency with forensic tools like EnCase, FTK, X-Ways, and EDR solutions such as SentinelOne or CrowdStrike.
  • Experience managing third-party DFIR providers during complex investigations.
  • Excellent communication skills, capable of presenting technical findings to non-technical stakeholders.

Key responsibilities:

  • Lead end-to-end incident response activities, from detection to resolution.
  • Coordinate with internal teams and external vendors during high-severity incidents.
  • Oversee forensic investigations to determine root cause and impact of security incidents.
  • Develop and improve incident response plans and deliver executive reports.

Sutherland Large https://www.sutherlandglobal.com/
10001 Employees

Job description

Company Description

We are One Sutherland — a global team where everyone is working together to create great breakthrough solutions. Our workforce has thrived in an environment of diversity of thought, experience and background. We celebrate our diversity and embrace it wholeheartedly. Sutherland is an equal opportunity employer. We promote a positive work environment by conducting ourselves professionally and helping each other achieve our goal of One Sutherland Team, Playing to Win.

Sutherland was founded 35 years ago (1986). Since then, we have become a leading global provider of business process and technology management services offering an integrated portfolio of analytics-driven back office and customer-facing solutions that support the entire customer life cycle.

Job Description

Position Summary

We are seeking a highly skilled DFIR Senior Manager to coordinate and execute digital forensics and incident response efforts across internal and client environments. This dual-role position requires a unique combination of deep technical expertise and exceptional communication skills.

The DFIR Manager will lead investigations into cyber incidents, coordinate with external DFIR vendors, and provide executive-ready updates and presentations to internal and external stakeholders. Additionally, the manager will oversee the threat intelligence function, aggregating and analyzing threat feeds from key vendors.

Experience using Recorded Future, IBM X-Force, SentinelOne, or similar tools to provide insights that strengthen our security posture.

The ideal candidate will be based in the United States and have experience working with U.S. clients and vendors. This role demands fluent written and spoken English communication and a proven ability to distill and present technical findings to nontechnical stakeholders.

Key Responsibilities

Incident Response & Forensics (Primary Role)

  • Lead the full lifecycle of incident response activities, from detection to resolution.
  • Coordinate response efforts with internal stakeholders and third-party vendors during high-severity incidents.
  • Act as the primary governance lead for externally managed DFIR engagements.
  • Conduct and oversee forensic investigations to determine the root cause, scope, and impact of security incidents.
  • Develop, document, and continuously improve incident response plans and playbooks.
  • Prepare client-facing reports and PowerPoint presentations for executive briefings.
  • Stay current with emerging cyber threats, tools, and techniques.
  • Participate in and help manage an on-call rotation for incident handling.
  • Support red-blue-purple team exercises and simulations.

Threat Intelligence (Secondary Role)

  • Act as the point of contact for ingesting and correlating threat intel from multiple sources (e.g., Recorded Future, IBM X-Force, SentinelOne).
  • Analyze and interpret threat actor TTPs and their relevance to the company’s risk landscape.
  • Deliver clear, concise, and actionable threat reports to internal teams and external clients.
  • Maintain dashboards and curated threat feeds aligned to the organization’s risk appetite.
  • Collaborate with SOC and detection engineering teams to develop threat detection logic and SIEM rules.
  • Manage and leverage dark web monitoring tools and threat intelligence platforms.

Qualifications

Required Qualifications

  • 6+ years of experience in cybersecurity, including at least 3 years in incident response or DFIR roles.
  • Demonstrated experience managing third-party DFIR providers during complex investigations.
  • Strong working knowledge of forensic tools (e.g., EnCase, FTK, X-Ways), EDR (e.g., SentinelOne, CrowdStrike), and SIEM technologies (e.g., Chronicle, Splunk).
  • Proven ability to create and deliver executive-level incident reports and security briefings.
  • Experience with threat intelligence platforms such as Recorded Future, Anomali, or ThreatConnect.
  • Familiarity with MITRE ATT&CK Framework, NIST 800-61, and industry-standard IR procedures.
  • Excellent written and spoken English, with the ability to translate technical issues for business leaders.

Preferred Qualifications

  • GIAC certifications (e.g., GCFA, GCIA, GCIH) or equivalent DFIR credentials.
  • Experience working with multinational clients and regulatory frameworks (e.g., PCI-DSS, GDPR, HIPAA).
  • Exposure to managed security service environments (MSSP) or incident retainer services.
  • Bachelor’s or Master’s degree in Cybersecurity, Information Security, or related field.

Additional Information

All your information will be kept confidential according to EEO guidelines.

Required profile

Experience

Level of experience: Senior (5-10 years)
Spoken language(s): English

Other Skills

  • Teamwork
  • Communication
  • Problem Solving
