Are you a technical powerhouse who’s climbed the DFIR ladder fast? Maybe you've moved into management and are craving a return to hands-on, high-impact work. If you're ready to operate at the highest technical level and lead complex cyber investigations across a variety of environments, we want to hear from you.
The Company: We are partnering with a leading cyber security consultancy that specialises in protecting businesses, governments, and critical infrastructure from evolving cyber threats.
The Role: As our Principal DFIR Lead, you’ll be the go-to expert for complex cyber breach and forensic investigations. You’ll lead from the front, choosing the work that challenges and excites you, while delegating other work to a team of DFIR specialists across engagements.
This is a technical leadership role - not people management. You’ll provide deep subject matter expertise, influence best practices, and help shape how we respond to Australia’s most critical cyber threats.
Key Responsibilities: - Take ownership of large and complex DFIR cases, managing client relationships, scoping projects, setting budgets, and ensuring top-tier delivery.
- Develop and refine DFIR processes, procedures, and best practices to elevate the practice and maintain consistent, high-quality work.
- Coach and build high-performing DFIR teams, fostering a culture of learning, collaboration, and accountability.
- Ensure the accuracy, integrity, and completeness of work performed by the DFIR teams, maintaining the highest standards in every investigation.
- Work with senior leaders across multiple practices to identify opportunities for enhanced service delivery and client engagement.
Experience Needed: - Extensive, senior-level experience in digital forensics and incident response.
- Expert Generalist, type of experience. You’re comfortable going wide and deep - bridging domains with confidence.
- Advanced DFIR certifications (e.g., SANS, GIAC).
- Ability to build credibility with senior stakeholders, translating technical findings into actionable insights.
Ideally, you should have at least one of the following:
▪️ Published technical blog posts
▪️ Conference presentations
▪️ Experience as a trainer for technical courses
▪️ Research in DFIR-related areas
▪️ Contributions to code (GitHub repos or closed-source projects)
Why Join? - Flexibility: Remote-first. Work from anywhere in Australia, including full remote.
- Exposure: Diverse, high-profile investigations across sectors and industries.
- Impact: Shape how we respond to cyber threats, mentor others, and contribute to the future of DFIR.
- Training: Access to gold-class training and continuous professional development.
- Team Culture: Join a trusted, expert-led cyber team backed by major clients.
- Autonomy: You choose the projects you want to lead.
Remote-first | WFH Anywhere in Australia
$200k - $250k + Super | Referral bonuses available
This is the highest technical role in the DFIR team - requiring both broad expertise and deep knowledge. You’ll work closely with the Director - DFIR and executive leaders, shaping practices and guiding investigations.
�� Interested? Apply or reach out directly: jasmine@decipherbureau.com | or DM me