DFIR Specialist

DFIR Specialist – UK Remote - £70,000 - £95,000 + Bonus Opus is partnered with a major UK enterprise undergoing significant investment in its cyber defence and incident response capability. They are looking for highly experienced DFIR Specialists to join their growing security function. This role is fully remote within the UK and suited to professionals who thrive in complex, large‑scale environments where digital forensics and incident response are critical to business resilience.Key ResponsibilitiesLead and support end‑to‑end incident response, from initial triage through containment, eradication, and recovery.Conduct digital forensic investigations across endpoints, servers, cloud environments, and network infrastructure.Analyse malware, logs, memory, and artefacts to determine root cause, impact, and attacker behaviour.Produce high‑quality technical reports and communicate findings to senior stakeholders.Develop and refine IR playbooks, processes, and tooling to strengthen organisational readiness.Collaborate with SOC, threat intelligence, and wider security teams during active incidents.Contribute to proactive threat hunting and continuous improvement initiatives.Required ExperienceExtensive background in DFIR, ideally within large or complex enterprise environments.Strong technical expertise in forensic tooling (e.g., EnCase, FTK, X‑Ways, Magnet Axiom), EDR platforms, and log analysis.Deep understanding of attacker TTPs, malware behaviour, and incident response methodologies.Experience handling major security incidents, including ransomware, data breaches, and advanced intrusion activity.Ability to communicate complex technical findings clearly to both technical and non‑technical audiences.Desirable SkillsExperience with cloud forensics (AWS, Azure, GCP).Knowledge of threat hunting methodologies and detection engineering.Relevant certifications such as GCFA, GCFE, GCIH, GNFA, CHFI, or equivalent.Familiarity with MITRE ATT&CK, SIEM platforms, and scripting for automation.What’s on OfferSalary up to £95,000 plus bonus.Fully remote working within the UK.Opportunity to work within a mature, well funded organisation handling high impact incidents.Clear progression pathways and investment in advanced training and certifications.A collaborative environment with strong technical leadership and modern tooling.

Created: 2026-03-07