DFIR Engagement Manager

<div class="content-intro"><h3>Our Purpose<strong><br></strong></h3> <p>At SentinelOne, we are driven by a clear purpose: to give the advantage to those who secure our future. As AI reshapes how organizations build, operate, and innovate, the responsibility to protect them becomes more critical than ever. When you join SentinelOne, your work helps protect global enterprises, critical infrastructure, and the technologies shaping tomorrow. If you are motivated by meaningful challenges and want your impact to be real, measurable, and global, you will find purpose here.</p> <h3>About Us<strong><br></strong></h3> <p>SentinelOne is a company at the intersection of AI and security, pioneering a new operating model for cybersecurity. Our AI-native platform unifies protection across endpoint, cloud, identity, data, and AI systems to deliver autonomous detection and response with clarity and speed. By combining real-time analytics, intelligent automation, and a unified data foundation, we reduce noise, simplify complexity, and empower security teams to focus on what truly matters.</p> <p>Our teams are builders, problem-solvers, and innovators committed to shaping the future of security. If you are excited to solve hard problems alongside talented, mission-driven people, we invite you to help us build a safer future for humanity.</p> <h3><strong>What Are We Looking For?</strong></h3> <p>We’re looking for people who are relentlessly curious and committed to continuous learning. AI is reshaping every function across our business, and we enable every team member, regardless of role or level, to build fluency in AI tools and concepts. Those who thrive here actively seek out new solutions, experiment thoughtfully, and apply what they learn to drive better, faster, smarter outcomes.</p></div><p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">As a<strong> </strong>DFIR Engagement Manager, you will serve as the critical link between our DFIR analysts, customers, and internal stakeholders during high-stakes investigations, ensuring each engagement is properly scoped, resourced, and executed to the highest standards. You will own the full lifecycle of incident response engagements — from intake and scoping through to final delivery — balancing operational rigor with a strong client-focused approach. In addition to your project management and communication leadership, you will provide hands-on technical expertise by directing analytical focus, validating team findings, and supporting forensic analysis to maintain investigative momentum.</p> <h3 class="font-claude-response-body break-words whitespace-normal leading-[1.7]">What Will You Do?</h3> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">Primary responsibilities include:</p> <ul class="[li_&amp;]:mb-0 [li_&amp;]:mt-1 [li_&amp;]:gap-1 [&amp;:not(:last-child)_ul]:pb-1 [&amp;:not(:last-child)_ol]:pb-1 list-disc flex flex-col gap-1 pl-8 mb-3"> <li class="font-claude-response-body whitespace-normal break-words pl-2">Oversee active DFIR investigations from intake through delivery, ensuring exceptional quality, timeliness of deliverables, appropriate resource allocation, and strict adherence to incident response best practices and standard operating procedures.</li> <li class="font-claude-response-body whitespace-normal break-words pl-2">Lead business development and scoping activities — including requirements gathering and contract development — while establishing and maintaining clear communication channels with customers, internal teams, breach counsel, and cyber insurance carriers.</li> <li class="font-claude-response-body whitespace-normal break-words pl-2">Direct analytical focus, validate team findings, and manage escalations to ensure technical workstreams meet customer expectations and investigative momentum is maintained throughout the engagement.</li> <li class="font-claude-response-body whitespace-normal break-words pl-2">Maintain oversight of case documentation, evidence handling, and final artifact archival, and lead post-engagement reviews and process improvement initiatives to continuously optimize team workflows.</li> <li class="font-claude-response-body whitespace-normal break-words pl-2">Conduct technical analysis when required, assisting with endpoint forensics, log analysis, and baseline threat hunting, while maintaining flexibility to participate in weekend and holiday on-call schedules.</li> </ul> <h3 class="font-claude-response-body break-words whitespace-normal leading-[1.7]">What Skills and Knowledge Will You Bring?</h3> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">Ideal candidates will have:</p> <ul class="[li_&amp;]:mb-0 [li_&amp;]:mt-1 [li_&amp;]:gap-1 [&amp;:not(:last-child)_ul]:pb-1 [&amp;:not(:last-child)_ol]:pb-1 list-disc flex flex-col gap-1 pl-8 mb-3"> <li class="font-claude-response-body whitespace-normal break-words pl-2">5+ years of hands-on consulting experience in digital forensics and incident response, with a proven track record of managing complex engagements and expert-level familiarity with industry-standard forensic tools and methodologies.</li> <li class="font-claude-response-body whitespace-normal break-words pl-2">Strong project management and team leadership skills, combined with excellence in client communication, relationship management, and experience working with legal teams and cyber insurance carriers.</li> <li class="font-claude-response-body whitespace-normal break-words pl-2">Strong understanding of EDR/XDR platforms and security technologies, with demonstrated experience in endpoint-based threat hunting, compromise assessments, and cyber threat intelligence platforms and processes.</li> <li class="font-claude-response-body whitespace-normal break-words pl-2">Experience conducting malware analysis and memory forensics preferred, along with industry certifications such as GCFE, GCFA, CFCE, EnCE, or similar.</li> <li class="font-claude-response-body whitespace-normal break-words pl-2">An evident self-starter with intellectual curiosity, the ability to adapt to change, and active participation in the security community through speaking engagements or publications preferred.</li> </ul> <h3 class="font-claude-response-body break-words whitespace-normal leading-[1.7]">Why SentinelOne?</h3> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">AI is redefining how the world operates and rewriting the rules of security in real time, and SentinelOne was built for this moment. From day one, we architected an AI-native platform designed to operate at machine speed, not as an add-on to legacy systems but as the foundation itself. If you want to build where innovation and impact move together, this is that place.</p> <p class="font-claude-response-body break-words whitespace-normal leading-[1.7]">We invest in our Sentinels with comprehensive, competitive benefits designed to support you and your family:</p> <p><strong>Equity &amp; Rewards</strong></p> <ul> <li>Restricted Stock Units (RSUs)</li> <li>Employee Stock Purchase Plan (ESPP)</li> </ul> <p><strong>Time Off &amp; Wellbeing</strong></p> <ul> <li>Competitive leave benefits</li> <li>Gender-neutral parental leave</li> </ul> <p><strong>Insurance &amp; Financial Security</strong></p> <ul> <li>Medical and insurance benefits</li> <li>Pension</li> </ul> <p><strong>Work Perks &amp; Flexibility</strong></p> <ul> <li>Global home office allowance</li> </ul> <p><strong>Wellness &amp; Lifestyle</strong></p> <ul> <li>Wellbeing allowance</li> <li>MultiSport benefit program</li> </ul><div class="content-conclusion"><p><span style="font-weight: 400;">SentinelOne is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.</span></p> <p><span style="font-weight: 400;">SentinelOne participates in the E-Verify Program for all U.S. based roles.&nbsp;</span></p></div>