Dfir Engagement Manager

**About Us**:
SentinelOne is defining the future of cybersecurity through our XDR platform that automatically prevents, detects, and responds to threats in real-time. Singularity XDR ingests data and leverages our patented AI models to deliver autonomous protection. With SentinelOne, organizations gain full transparency into everything happening across the network at machine speed - to defeat every attack, at every stage of the threat lifecycle.

We are a values-driven team where names are known, results are rewarded, and friendships are formed. Trust, accountability, relentlessness, ingenuity, and OneSentinel define the pillars of our collaborative and unified global culture. We're looking for people that will drive team success and collaboration across SentinelOne. If you're enthusiastic about innovative approaches to problem-solving, we would love to speak with you about joining our team

**What are we looking for?**

**What will you do?**
- Lead business development activities including scoping, requirements gathering, and contract development
- Collaborate with account teams and internal and external legal counsel to ensure service agreements and statements of work are in place
- Handle high-stakes client interactions involving legal counsel or executive stakeholders
- Oversee active DFIR investigations, ensuring exceptional quality and timeliness of deliverables
- Establish and maintain clear communication channels with all stakeholders
- Manage DFIR investigation objectives, timelines, resource allocation
- Coordinate cross-functional teams including internal resources and external vendors
- Handle escalations and resolve technical or operational challenges
- Ensure proper evidence handling and documentation throughout investigations
- Maintain oversight of case documentation and artifact archival
- Ensure adherence to standard operating procedures and best practices
- Lead post-engagement reviews and process improvement initiatives
- Conduct technical analysis including endpoint forensics, log analysis, and threat-hunting when required
- Maintain flexibility with schedule and participate in weekend and holiday on-call schedule
- Adopt and follow our core values amongst the team:
- Trust - We earn our client's trust via technical expertise and a customer-first mindset.
- Accountability - Every team member contributes to our group success via diligently fulfilling their assigned duties.
- Collaboration—The DFIR team works closely with our threat intelligence, research, MDR, and product teams to ensure the success of every investigation.
- Relentlessness - We will leave no stone unturned to provide outstanding service and fulfill our client's needs.
- Ingenuity - If no tool or process exists to enable our investigations and hunts, then we will create one. There is always a way to improve existing methodologies.
- Community - The DFIR team supports each other as we grow and improve ourselves and our service.

**What skills and knowledge should you bring?**
- 5+ years of hands-on consulting experience in digital forensics and incident response
- Proven track record of managing complex incident response engagements
- Expert-level experience with industry-standard forensic tools and methodologies
- Strong understanding of and experience with EDR/XDR platforms and security technologies
- Experience conducting malware analysis and memory forensics preferred
- Demonstrated experience in endpoint-based threat-hunting and compromise assessments
- Experience working with cyber threat intelligence platforms and processes
- Excellence in client communication and relationship management
- Experience working with legal teams and insurance carriers
- Strong project management and team leadership skills
- Industry certifications (GCFE, GCFA, CFCE, EnCE, or similar) preferred
- Active participation in the security community through speaking engagements or publications preferred
- Evident self-starter with intellectual curiosity and the ability to adapt to change

SentinelOne is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.

SentinelOne participates in the E-Verify Program for all U.S. based roles.