Company hidden
Posted 2 days ago

Senior Windows IR Practitioner (Cybersecurity)

Work format
remote (Global)
Employment type
fulltime
Grade
senior
English
c1

Job description


TL;DR

Senior Windows IR Practitioner (Cybersecurity): Researching, designing, and developing defensive cyber security training materials and hands-on lab exercises with an emphasis on real-world Windows incident response and forensic analysis. Focus on recreating complex attacker TTPs, building realistic scenario-driven labs, and developing high-quality educational content for enterprise environments.

Location: Remote (Global). Must have at least 4 hours of overlap with the UK timezone (8am - 6pm)

Company

hirify.global is a fast-growing online cyber security training platform that provides gamified security exercises and challenges to millions of community members.

What you will do

  • Research, design, and develop defensive cyber security training material and supporting hands-on lab exercises.
  • Build realistic, scenario-driven labs reflecting attacks in enterprise Windows environments.
  • Develop and configure virtual machines and sample datasets for cybersecurity labs.
  • Collaborate with the content team to review work and raise the overall quality bar.
  • Plan and design portions of the content development roadmap in coordination with the Head of Content Engineering.
  • Analyze industry trends in tooling and techniques to recreate them as teachable content.

Requirements

  • Significant hands-on experience as an Incident Responder, Threat Hunter, Digital Forensics Investigator, or L3 SOC Analyst.
  • Proven experience responding to real incidents in Windows environments, including triaging endpoints and reconstructing attacker timelines.
  • Solid grounding in Windows forensics (event logs, registry hives, NTFS artefacts, memory/disk forensics).
  • Working knowledge of offensive techniques against Windows and Active Directory (credential dumping, privilege escalation, Kerberos attacks).
  • Experience with DFIR collection tools such as EZ Toolset, Velociraptor, KAPE, or equivalents.
  • Strong verbal and written English communication skills for conveying complex technical concepts.

Nice to have

  • Experience creating training content, technical documentation, or CTF challenges.
  • Deep expertise in AD attack paths (Kerberoasting, DCSync, ADCS), memory forensics (Volatility), or advanced NTFS analysis.
  • Experience leading, coaching, or mentoring others.
  • Certifications such as GCIH, GCED, SAL2, or GCFA.

Culture & Benefits

  • 100% remote work from any location.
  • Flexible working hours with required UK timezone overlap.
  • Dedicated work laptop and necessary accessories.
  • £2,500 annual training budget for certifications and professional development.
  • Fully paid annual company retreat.
  • Health insurance (in countries without public healthcare) and 401k/Pension options.

Hiring process

  • Short introduction call (30 mins).
  • Technical Take-Home Exercise (two parts).
  • Interview with the Head of Content Engineering (1 hour).
  • Final call with a Co-Founder (30 mins).
