DFIR Engagement Manager

About the role

SentinelOne is a company at the intersection of AI and security, pioneering a new operating model for cybersecurity. Our AI-native platform unifies protection across endpoint, cloud, identity, data, and AI systems to deliver autonomous detection and response with clarity and speed. By combining real-time analytics, intelligent automation, and a unified data foundation, we reduce noise, simplify complexity, and empower security teams to focus on what truly matters. Our teams are builders, problem-solvers, and innovators committed to shaping the future of security. If you are excited to solve hard problems alongside talented, mission-driven people, we invite you to help us build a safer future for humanity. What Are We Looking For? We're looking for people who are relentlessly curious and committed to continuous learning. AI is reshaping every function across our business, and we enable every team member, regardless of role or level, to build fluency in AI tools and concepts. Those who thrive here actively seek out new solutions, experiment thoughtfully, and apply what they learn to drive better, faster, smarter outcomes. As a DFIR Engagement Manager, you will serve as the critical link between our DFIR analysts, customers, and internal stakeholders during high-stakes investigations, ensuring each engagement is properly scoped, resourced, and executed to the highest standards. You will own the full lifecycle of incident response engagements - from intake and scoping through to final delivery - balancing operational rigor with a strong client-focused approach. In addition to your project management and communication leadership, you will provide hands-on technical expertise by directing analytical focus, validating team findings, and supporting forensic analysis to maintain investigative momentum. What Will You Do? Primary responsibilities include: Oversee active DFIR investigations from intake through delivery, ensuring exceptional quality, timeliness of deliverables, appropriate resource allocation, and strict adherence to incident response best practices and standard operating procedures. Lead business development and scoping activities - including requirements gathering and contract development - while establishing and maintaining clear communication channels with customers, internal teams, breach counsel, and cyber insurance carriers. Direct analytical focus, validate team findings, and manage escalations to ensure technical workstreams meet customer expectations and investigative momentum is maintained throughout the engagement. Maintain oversight of case documentation, evidence handling, and final artifact archival, and lead post-engagement reviews and process improvement initiatives to continuously optimize team workflows. Conduct technical analysis when required, assisting with endpoint forensics, log analysis, and baseline threat hunting, while maintaining flexibility to participate in weekend and holiday on-call schedules. What Skills and Knowledge Will You Bring? Ideal candidates will have: 5+ years of hands-on consulting experience in digital forensics and incident response, with a proven track record of managing complex engagements and expert-level familiarity with industry-standard forensic tools and methodologies. Strong project management and team leadership skills, combined with excellence in client communication, relationship management, and experience working with legal teams and cyber insurance carriers. Strong understanding of EDR/XDR platforms and security technologies, with demonstrated experience in endpoint-based threat hunting, compromise assessments, and cyber threat intelligence platforms and processes. Experience conducting malware analysis and memory forensics preferred, along with industry certifications such as GCFE, GCFA, CFCE, EnCE, or similar. An evident self-starter with intellectual curiosity, the ability to adapt to change, and active participation in the security community through speaking engagements or publications preferred. Why SentinelOne? AI is redefining how the world operates and rewriting the rules of security in real time, and SentinelOne was built for this moment. From day one, we architected an AI-native platform designed to operate at machine speed, not as an add-on to legacy systems but as the foundation itself. If you want to build where innovation and impact move together, this is that place. We invest in our Sentinels w

Additional Information

Our Purpose At SentinelOne, we are driven by a clear purpose: to give the advantage to those who secure our future. As AI reshapes how organizations build, operate, and innovate, the responsibility to protect them becomes more critical than ever. When you join SentinelOne, your work helps protect global enterprises, critical infrastructure, and the technologies shaping tomorrow. If you are motivated by meaningful challenges and want your impact to be real, measurable, and global, you will find purpose here.

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at sentinellabs? Share your experience