Director, Digital Forensics and Incident Response

· Toronto, Ontario
Employment Type Full-Time
Minimum Experience Senior Manager/Supervisor

About Us

At ISA Cybersecurity, our mission is to help clients achieve their privacy and security goals, and to be proactive in the fight against security threats. ISA Cybersecurity is Canada’s leading cybersecurity-focused company, with nearly three decades of experience delivering cybersecurity services and people you can trust. We provide our clients with comprehensive counsel on complex, evolving, and multi-faceted issues related to cybersecurity and breach incident response.

ISA Cybersecurity also offers a world-class 24/7 by 365 SOC 2 Type II certified CIOC (cybersecurity intelligence operations centre), giving our clients deeper insights and earlier warnings about coordinated cyber attacks. ISA Cybersecurity strategically partners with many of the most respected security technology firms in the world. Through these relationships, our clients can gain access to a broad portfolio of industry-leading cyber solutions best suited to protect their corporate assets and customer data.

In today’s volatile world of digital threats, we help Canadian companies to better understand their current security posture and how to mitigate risks.

Why Join Us? 

At ISA Cybersecurity, every employee makes a P.A.C.T. to embody our corporate core values, everyday. Our core values (Passion for Excellence, Accountability, Commitment, Trust) shape the community and culture we have built and are an active part of everything that we do. We also believe that what will make you great is your individual contributions to your team; think of your team as a start-up that learn from each other. If you’re looking for autonomy and no old-fashioned hierarchy, ISA and you could be a match made in heaven.

About the Role

As the Director of DFIR, you will manage teams of experts in running high-stakes, high-profile investigations, and incident response engagements for our clients. You are expected to bring significant experience in the cybersecurity or technical consulting industry to bear on your casework, along with mastery of the fundamentals of running cybersecurity investigations. You will work at the direction of the Vice President to scope, coordinate, oversee, and perform numerous client cases, which might require work in any of the technical areas described below. As a team leader, the quality of the Digital Forensics and Incident Response unit's work and its continuing sterling reputation will rest with you.

To be successful in this position you proactively work to understand your client’s industry, challenges, and opportunities and are focused on effective service delivery. You have strong leadership skills and are adamant about employee development to nurture and retain top talent. You are also forward thinking and are constantly searching for ways to adopt new tools and strategies to drive innovation throughout the workplace. 


  • Deliver, lead, and manage digital forensic investigations and cyber incident response engagements.
  • Perform all phases of the incident response life cycle: preparation, analysis, containment, eradication, remediation, recovery, and post-incident activity
  • Gather, analyze, and maintain data to support investigative, risk and mitigation efforts.
  • Define, document, test and manage incident response processes, document processes and procedures in the form of playbooks and reference guides
  • Perform threat hunting in both on-premises and cloud environments
  • Evaluate external threat intelligence sources related to zero-day attacks, exploit kits and malware to determine organizational risk and improve threat detection by incorporating into detection tools
  • Independently perform digital forensics on various platforms and mobile devices utilizing various forensic tools such as, but not limited to EnCase, Autopsy, Magnet Axiom and Cellebrite;
  • Utilize and analyze results from incident response and forensic tools to assess host and network-based artifacts; analyze to determine root cause and impact
  • Develop comprehensive and accurate reports and presentations for both technical and executive audiences
  • Actively contribute to thought leadership and business development campaigns.
  • Communicate effectively at multiple levels of sensitivity, and multiple audiences.
  • Contribute to continued development of the Incident Response team, supporting internal development opportunities and process enhancement.
  • Sustain a high level of drive, enthusiasm, resilience and a positive attitude when working under pressure. 


  • GCFE, GCIH, CCE, EnCE or equivalent digital forensics / incident response certification.
  • Deep experience with most common operating systems (Windows, macOS, Linux, iOS, Android) and their file systems (ext3/4, HFS+, APFS, NTFS, exFAT, etc.).
  • Proficiency with industry-standard forensic toolsets, including X-Ways, EnCase, Axiom/IEF, Cellebrite, and FTK.
  • Proficiency with database querying and analysis.
  • Experience with cloud infrastructures for the enterprise, such as Amazon Web Services, G Suite, Office 365, and Azure.
  • Experience with conducting log analysis of Windows Event Logs, Apache, IIS, and firewall logs.
  • Demonstrated ability to perform as an expert witness.
  • Ability to serve as a technical, hands-on, lead for major investigations.
  • Must be able to work collaboratively across agencies and physical locations.
  • Ability to anticipate and respond to changing priorities and operate effectively in a dynamic, demand-based environment, requiring flexibility and responsiveness to client matters and needs.
  • Even stronger analytic, quantitative, and creative problem-solving abilities.
  • Clarity in written and oral communication.
  • Comfort with intermittent periods of significant travel, evening, and weekend hours
  • Possesses a dynamic learning mindset for both self and team and continually explores development opportunities and encourages their team to develop

Thank You

Your application was submitted successfully.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

  • Location
    Toronto, Ontario
  • Employment Type
  • Minimum Experience
    Senior Manager/Supervisor