Logo for SentinelOne

DFIR Incident Manager

Role overview

Qualifications

  • 5+ years of hands-on consulting experience in digital forensics and incident response
  • Strong project management and team leadership skills
  • Strong understanding of EDR/XDR platforms and security technologies
  • Experience conducting malware analysis and memory forensics preferred

Responsibilities

  • Oversee active DFIR investigations from intake through delivery, ensuring exceptional quality and timeliness
  • Lead business development and scoping activities while maintaining clear communication channels
  • Direct analytical focus, validate team findings, and manage escalations
  • Maintain oversight of case documentation, evidence handling, and lead post-engagement reviews

Key facts

Other skills

  • Relationship Management
  • Leadership
  • Adaptability
  • Curiosity

About the company

SentinelOne logo

SentinelOne

Cybersecurity

SentinelOne is a leading provider of autonomous security solutions for endpoint, cloud, and identity environments. Founded in 2013 by a team of cybersecurity and defense experts, SentinelOne revolutionized endpoint protection with a new, AI-powered approach. Our platform unifies prevention, detection, response, remediation, and forensics in a single, easy-to-use solution. Our endpoint security product is designed to protect your organization's endpoints from known and unknown threats, including malware, ransomware, and APTs. It uses artificial intelligence to continuously learn and adapt to new threats, providing real-time protection and automated response capabilities. SentinelOne's approach to security is designed to help organizations secure their assets with speed and simplicity. We provide the ability to detect malicious behavior across multiple vectors, rapidly eliminate threats with fully-automated integrated response, and adapt their defenses against the most advanced cyberattacks. We are recognized by Gartner in the Endpoint Protection Magic Quadrant as a Leader and have enterprise customers worldwide. Our customers include some of the world's largest companies in various industries such as finance, healthcare, government, and more. At SentinelOne, we understand that cybersecurity is a constantly evolving field and that the threats facing organizations are becoming increasingly sophisticated. That's why we are committed to staying at the forefront of technology and innovation and providing our customers with the best protection against cyber threats. We offer our customers a wide range of services, including threat hunting, incident response, and incident management. Our team of experts is available to assist you 24/7 and can help you respond to and manage cyber incidents quickly and effectively. To learn more about our products and services, please visit our website at www.sentinelone.com or contact us to schedule a demo.

Company details

Company typeLarge
IndustryCybersecurity
Company size1001 - 5000

Your match analysis

See how your profile stacks up against this role.

We compared the job requirements to your profile to show where you're strong and where you fall short.

Job description

Our Purpose

At SentinelOne, we are driven by a clear purpose: to give the advantage to those who secure our future. As AI reshapes how organizations build, operate, and innovate, the responsibility to protect them becomes more critical than ever. When you join SentinelOne, your work helps protect global enterprises, critical infrastructure, and the technologies shaping tomorrow. If you are motivated by meaningful challenges and want your impact to be real, measurable, and global, you will find purpose here.

About Us

SentinelOne is a company at the intersection of AI and security, pioneering a new operating model for cybersecurity. Our AI-native platform unifies protection across endpoint, cloud, identity, data, and AI systems to deliver autonomous detection and response with clarity and speed. By combining real-time analytics, intelligent automation, and a unified data foundation, we reduce noise, simplify complexity, and empower security teams to focus on what truly matters.

Our teams are builders, problem-solvers, and innovators committed to shaping the future of security. If you are excited to solve hard problems alongside talented, mission-driven people, we invite you to help us build a safer future for humanity.

What Are We Looking For?

We’re looking for people who are relentlessly curious and committed to continuous learning. AI is reshaping every function across our business, and we enable every team member, regardless of role or level, to build fluency in AI tools and concepts. Those who thrive here actively seek out new solutions, experiment thoughtfully, and apply what they learn to drive better, faster, smarter outcomes.

As a DFIR Incident Manager, you will serve as the critical link between our DFIR analysts, customers, and internal stakeholders during high-stakes investigations, ensuring each engagement is properly scoped, resourced, and executed to the highest standards. You will own the full lifecycle of incident response engagements — from intake and scoping through to final delivery — balancing operational rigor with a strong client-focused approach. In addition to your project management and communication leadership, you will provide hands-on technical expertise by directing analytical focus, validating team findings, and supporting forensic analysis to maintain investigative momentum.

What Will You Do?

Primary responsibilities include:

  • Oversee active DFIR investigations from intake through delivery, ensuring exceptional quality, timeliness of deliverables, appropriate resource allocation, and strict adherence to incident response best practices and standard operating procedures.
  • Lead business development and scoping activities — including requirements gathering and contract development — while establishing and maintaining clear communication channels with customers, internal teams, breach counsel, and cyber insurance carriers.
  • Direct analytical focus, validate team findings, and manage escalations to ensure technical workstreams meet customer expectations and investigative momentum is maintained throughout the engagement.
  • Maintain oversight of case documentation, evidence handling, and final artifact archival, and lead post-engagement reviews and process improvement initiatives to continuously optimize team workflows.
  • Conduct technical analysis when required, assisting with endpoint forensics, log analysis, and baseline threat hunting, while maintaining flexibility to participate in weekend and holiday on-call schedules.

What Skills and Knowledge Will You Bring?

Ideal candidates will have:

  • 5+ years of hands-on consulting experience in digital forensics and incident response, with a proven track record of managing complex engagements and expert-level familiarity with industry-standard forensic tools and methodologies.
  • Strong project management and team leadership skills, combined with excellence in client communication, relationship management, and experience working with legal teams and cyber insurance carriers.
  • Strong understanding of EDR/XDR platforms and security technologies, with demonstrated experience in endpoint-based threat hunting, compromise assessments, and cyber threat intelligence platforms and processes.
  • Experience conducting malware analysis and memory forensics preferred, along with industry certifications such as GCFE, GCFA, CFCE, EnCE, or similar.
  • An evident self-starter with intellectual curiosity, the ability to adapt to change, and active participation in the security community through speaking engagements or publications preferred.

Why SentinelOne?

AI is redefining how the world operates and rewriting the rules of security in real time, and SentinelOne was built for this moment. From day one, we architected an AI-native platform designed to operate at machine speed, not as an add-on to legacy systems but as the foundation itself. If you want to build where innovation and impact move together, this is that place.

We invest in our Sentinels with comprehensive, competitive benefits designed to support you and your family:

Equity & Rewards

  • Restricted Stock Units (RSUs)
  • Employee Stock Purchase Plan (ESPP)
  • Performance-based bonus

Time Off & Wellbeing

  • Flexible time off, on top of the standard 5 weeks PTO
  • Paid company wellness days and fully paid short-term sick/nursing leave
  • Competitive leave benefits
  • Gender-neutral parental leave
  • Monthly well-being and meal allowance

Insurance & Financial Security

  • Medical and insurance benefits
  • Pension contribution plan

Work Perks & Flexibility

  • Global home office allowance
  • Hybrid work in Prague (Karlin), Brno (Clubco) or remote in CZ/SK.
  • Only Prague-based employees are required to work from the office at least 2 days//week.

Wellness & Lifestyle

  • Wellbeing allowance
  • MultiSport benefit program
  • Wellness Coach app

SentinelOne is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.

SentinelOne participates in the E-Verify Program for all U.S. based roles. 

Apply once. Then go straight to the hiring manager.

After you apply, unlock the direct contact details of the people who actually make the call. A quick follow-up makes you 5x more likely to land an interview.

MR

Marcus Rivera

Chief Revenue Officer

m.rivera@company.com
linkedin.com/in/marcusrivera
Unlocked after you apply
·

Incident Response Analyst Related jobs

Other jobs at SentinelOne

Premium

Reach out to the hiring manager directly.

Gain access to the contact details of the hiring managers who actually decide, and reach out to network with them directly. That, plus more when you upgrade:

  • Full match report with fit score and gaps
  • Career diagnostics on how recruiters read you
  • Curated company matches and warm intros
  • 48h early access to new roles

Cancel anytime.