Skip to main content
Posted 26 May, 2026

Head of DFIR

Mitigata™ - Full-Stack Cyber Resilience
Bengaluru, KA, IN Full Time
Reference: 6887c39c8091911b

Job Description

About Mitigata

Mitigata is India's first Security + Compliance + Insurance company, helping businesses mitigate cyber risks through a combination of risk assessments, compliance consulting, cyber insurance, and security solutions. We work with businesses to strengthen their security posture, ensure regulatory compliance, and provide tailored cyber insurance policies to minimize financial exposure from cyber threats. We are backed by a consortium of premier investors, including Nexus Venture Partners, Titan Capital, and WEH Ventures, alongside a global network of industry leaders.

Become a part of the first line of defence of digital India.

Our core offerings include :

  • Phishing Simulation
  • Employee & Organizational Risk Assessment
  • Governance, Risk, and Compliance (GRC) Console
  • Dark Web and Brand Monitoring
  • Threat Intelligence and Response
  • Attack surface monitoring


As we scale, we are expanding into advanced security verticals such as Email Security, Cloud Security, AI-powered CSPM (Cloud Security Posture Management), DSPM (Data Security Posture Management) , Breach simulation and AI SOC.

We are shipping cybersecurity products from India for the world.


Key Responsibilities :

The Head of DFIR will be responsible for building, scaling, and leading Mitigata's Digital Forensics and Incident Response practice across enterprise customers. This role demands a strong blend of technical depth in forensic investigation, incident command leadership, business ownership, and innovation in threat response.

You will be responsible for creating a best-in-class DFIR practice covering incident response, breach investigations, malware analysis, threat hunting, and forensic readiness, while ensuring compliance with global regulatory and evidentiary standards. As the senior responder for Mitigata's clients, you will be the calm voice in the room during a crisis - owning containment, recovery, and post-incident learning.


Practice Leadership & Strategy

  • Define and execute Mitigata's DFIR strategy aligned with enterprise customer expectations and regulatory mandates.
  • Build and scale incident response and forensic service lines including:
  • Incident Response & Breach Investigation (24x7 IR retainer model)
  • Digital Forensics (Host, Disk, Memory, Network, Mobile)
  • Malware Analysis & Reverse Engineering
  • Proactive Threat Hunting & Compromise Assessments
  • Ransomware Response, Negotiation Support & Recovery
  • Cloud Forensics across AWS, Azure, and GCP
  • Insider Threat & Fraud Investigations
  • Cyber Crisis Management & Tabletop Exercises
  • Establish IR playbooks, forensic methodologies, evidence handling SOPs, and automation capabilities.
  • Drive innovation through AI-assisted triage, forensic tooling, and large-scale telemetry analysis.

Enterprise Delivery & Incident Command

  • Own end-to-end incident response for enterprise and global customers - from first call to final report.
  • Act as Incident Commander during active breaches, coordinating containment, eradication, and recovery.
  • Serve as a trusted advisor to CISOs, General Counsel, and Boards during cyber crises.
  • Ensure forensic soundness, chain-of-custody integrity, and legal admissibility of all evidence.
  • Deliver executive-grade incident reports covering root cause, impact, attribution, and remediation.
  • Lead complex investigations across multi-cloud, hybrid, and OT/IoT environments.
  • Coordinate with law enforcement, regulators (CERT-In, RBI, SEBI, IRDAI), and cyber insurance carriers.

Team Building & Leadership

  • Build and mentor a high-performing DFIR team including:
  • Incident Responders & Threat Hunters
  • Digital Forensic Examiners (host, memory, network, mobile)
  • Malware Analysts & Reverse Engineers
  • Cloud Forensics Specialists
  • Establish on-call rotation, surge capacity models, and 24x7 readiness for IR engagements.
  • Build skill development frameworks, certification pathways, and internal CTFs / IR drills.
  • Cultivate a culture of research, intellectual rigour, and continuous learning.

Capability & Service Expansion

  • Develop new service offerings aligned with evolving threat landscapes - BEC, supply chain attacks, OT incidents, AI-driven threats.
  • Collaborate closely with SOC, MDR, Threat Intelligence, VAPT, and the Cyber Insurance underwriting teams.
  • Build a proprietary threat intelligence and IOC repository from investigations.
  • Lead research initiatives and publish thought leadership in incident response and forensics.

Governance, Compliance & Risk Management

  • Ensure DFIR services comply with global frameworks and regulatory standards such as:
  • NIST SP 800-61 (Incident Handling) and NIST SP 800-86 (Forensics)
  • SANS PICERL Incident Response Lifecycle
  • MITRE ATT&CK and D3FEND
  • ISO/IEC 27035, 27037, 27041, 27042, 27043
  • CERT-In Directions (including the 6-hour mandatory incident reporting)
  • RBI, SEBI, IRDAI cyber incident reporting guidelines
  • DPDP Act 2023, GDPR breach notification, and global data protection standards
  • PCI DSS, HIPAA, and SOC 2 incident management requirements
  • Develop internal QA, peer review processes, and evidence integrity audits.
  • Maintain forensic lab readiness, tool validation, and write-blocking discipline.

Business & Revenue Ownweship

  • Support pre-sales activities, IR retainer proposals, and solution architecture for enterprise accounts.
  • Drive revenue growth and service adoption for the DFIR practice.
  • Define pricing models, IR retainer structures, surge capacity terms, and partner ecosystem strategies.
  • Partner with the Cyber Insurance team to align IR delivery with claims and policy obligations.

Key Skills & Qualifications :

  • Deep expertise in incident response lifecycle, digital forensics, and threat hunting.
  • Strong working knowledge of attacker TTPs, MITRE ATT&CK, and adversary tradecraft.
  • Hands-on experience leading large breach investigations and ransomware engagements.
  • Proficiency with forensic and IR tooling: EnCase, FTK, X-Ways, Autopsy, Volatility, KAPE, Velociraptor, GRR.
  • Strong skills in log analysis, SIEM (Splunk, Sentinel, ELK), and EDR platforms (CrowdStrike, SentinelOne, Defender, Carbon Black).
  • Experience with network forensics tooling - Wireshark, Zeek, Suricata, full packet capture analysis.
  • Strong scripting skills in Python, PowerShell, and Bash for automation and triage at scale.
  • Excellent stakeholder management, crisis communication, and executive consulting skills.


Preferred Qualifications :

Preferred Technical Exposure

  • Malware analysis and reverse engineering (IDA Pro, Ghidra, x64dbg).
  • Memory forensics at scale - Volatility, Rekall, custom plugin development.
  • Multi-cloud forensics across AWS (CloudTrail, GuardDuty), Azure (Sentinel, M365 UAL), and GCP.
  • Kubernetes, container, and serverless incident response.
  • Mobile forensics (Cellebrite, Magnet AXIOM, Oxygen Forensic Detective).
  • OT/ICS incident response and forensic acquisition.
  • Threat intelligence integration, attribution, and adversary tracking.
  • Litigation support, expert witness testimony, and evidentiary report writing.

Certification (Preferred)

  • GCFA / GCFE / GNFA / GCIH / GREM / GCIA / GASF (SANS/GIAC)
  • CHFI / EnCE / CCE
  • CISSP / CISM
  • Cloud certifications (AWS Security Specialty, Azure Security Engineer, GCP Security Engineer)
  • OSCP or equivalent offensive certs (for adversary perspective)

Leadership Expections

  • Proven track record of building and scaling DFIR or IR consulting practices.
  • Experience managing large technical teams across geographies and time zones.
  • Strong consulting presence with enterprise customers, regulators, and legal counsel.
  • Ability to remain composed under crisis pressure and translate technical risk into business impact.
  • Demonstrated ability to publish, present, or contribute to the broader DFIR community.


Why Join Mitigata?

If India’s growth is under threat, we’re standing in the way.

  • Every cyberattack, every data breach, every fraudulent claim—isn’t just a digital incident. It’s a financial bullet aimed at India.
  • At Mitigata, we’ve built a first-of-its-kind organisation that combines cybersecurity with liability insurance—because defence without coverage is incomplete.
  • From ransomware taking down hospitals, to directors being sued overnight, to startups losing funding after a breach—we protect what matters: Their servers. Their balance sheets. Their reputation.
  • We’re building India’s cyber shield—one firewall, one policy, one partnership at a time.
  • Our work is national defence in the digital age - We protect government, businesses & individuals from collapsing under the weight of cybercrime and legal liability.
  • We are establishing India’s most expansive AI-driven Security Operations Center, merging elite infrastructure with next-generation intelligence.
  • You’ll be designing the infrastructure that keeps India’s growth story alive.
  • Competitive leadership package, ESOPs, and the opportunity to create national impact.

Join us if you're done building for vanity. Build for protection. Build for survival. Build for Bharat 🇮🇳


To Apply: Send your resume to with the subject Head of DFIR



Apply to this Job

Sign up for Job Alerts

By clicking Create Alert, you agree to the Global Terms of Use Agreement and acknowledge that you have read and understand the Global Privacy Policy.