Director, Digital Forensics & Incident Response

JOB DESCRIPTIONDirector, Digital Forensics & Incident ResponseEnterprise Cyber SecurityFull Time, REMOTEThe OpportunityThe Digital Forensics & Incident Response (DFIR) team operates within MassMutual’s Cyber Fusion Center, the organization responsible for enterprise-wide threat detection, monitoring, and response. As the DFIR Director, you will lead a global team that safeguards the company by detecting, analyzing, and responding to cyber threats in real time. This is a strategic leadership role accountable for strengthening the company’s forensic capabilities, incident response readiness, and overall cyber resilience.The TeamYou will oversee a globally distributed DFIR team operating in a follow‑the‑sun model with analysts across the U.S., India, and Romania. The team conducts deep forensic analysis, leads incident response efforts, and supports investigations deriving from a range of stakeholders throughout the company. You will collaborate closely with Security Operations, Threat Intelligence, Offensive Security, Security Engineering, IAM, Network Security, and other cybersecurity functions to ensure cohesive, coordinated defense across the enterprise.The ImpactIn this role, you will:Lead and Evolve DFIR StrategyOwn and advance all DFIR operations in alignment with MassMutual's cybersecurity strategy and regulatory obligations.Establish strategic priorities, develop long‑term capability roadmaps, and champion continuous program improvement.Partner with SOC, Threat Intelligence, and Offensive Security leadership to ensure cohesive, enterprise‑wide threat defense.Oversee DFIR metrics, staffing plans, and budget requirements while guiding strategic investment decisions.Drive Incident Response ExcellenceOversee the response to cybersecurity events and major incidents, ensuring appropriate analysis, prioritization, escalation, and communications.Maintain and continually enhance standardized incident handling processes to improve consistency and reduce response times.Ensure high‑quality executive communication, including incident impact summaries and recommended actions for senior leadership.Strengthen Communication & Enterprise CollaborationBuild and maintain relations with key stakeholders from across the company (to include Law, Compliance, HR, and other security teams).Serve as the escalation point for cross‑functional coordination during investigations and major events.Ensure timely, risk‑aware decisions and clear communication of incident impacts and recommended actions.Advance Forensic CapabilitiesContinually evaluate and enhance forensic toolsets, processes, and methodologies across endpoint, cloud, and network environments.Establish and enforce evidence handling standards, including collection, preservation, and chain‑of‑custody practices.Drive automation to increase analyst efficiency, improve data quality, and streamline response workflows.Build and Inspire a High‑Performing Global TeamLead, mentor, and develop a geographically distributed team of DFIR analysts and managers.Create a culture of inclusion, innovation, continuous improvement, and professional growth consistent with MassMutual’s values.Support ongoing skill advancement through hands‑on exercises, simulations, certifications, and cross‑training opportunities.The Minimum QualificationsBachelor's Degree or equivalent professional experience8+ Years of experience in cybersecurity operations, including digital forensics, incident response, threat intelligence, cyber investigations, detection engineering, or related domains—with demonstrated impact improving organizational capabilities.2+ years of experience leading large, globally distributed technical teams in high‑pressure operational environments.Flexibility to support off hours and weekends on callPreferred QualificationsMaster’s degree in cybersecurity or related discipline.Relevant certifications such as CISSP, GIAC, CISM, OSCP, or similar.Experience collaborating with stakeholders such as Audit, Compliance, Risk Management, and external regulators.Passion for continuous learning and staying current with emerging threats, forensic techniques, and adversary behaviors.Experience leading global DFIR or SOC teams.Familiarity with cloud‑based forensic and detection technologies (AWS, Azure, GCP).Experience maturing DFIR programs through automation, tooling modernization, and data‑driven improvements.Proven experience leading multidiscipline security teams and driving operational strategy in complex cybersecurity environments.Deep understanding of incident response best practices and experience coordinating responses to both small‑scale and large‑scale incidents.Strong background in endpoint and network forensics, log analysis, and forensic tooling.Excellent communication and executive reporting skills, including the ability to translate technical analysis for non‑technical audiences.Demonstrated success developing cybersecurity playbooks, workflows, and security exercises.Experience operati