Manager, Digital Forensics Incident Response/ Responsable des enquêtes numériques et de la réponse aux incidents

Overview

WELCOME TO SITA

At , we keep airports moving, airlines flying smoothly, and borders open. Our technology and communication innovations power the success of the global air travel industry.

Youll find us in 95% of international airports, working closely with over 2,500 transportation and government clients. Each partnership brings unique challenges, and we thrive on delivering fresh solutions and cutting-edge tech to keep operations running like clockwork. We dont just move the world forward, were proud to be recognized as a Great Place to Work® by our employees and certified in most of our growing locations. Here, we feel empowered, supported, and inspired to grow.

Are you ready to love your job? The adventure begins right here, with you, at SITA.

PURPOSE

As the Digital Forensics & Incident Response Lead, you will take full ownership of high-severity investigationsrapidly detecting, containing, and neutralizing threatswhile driving digital forensics and proactive threat hunting initiatives. You will act as Incident Commander and serve as the primary technical escalation point for complex cases.

You will join SITAs STORM (Security Threat & Operational Risk Management) organization, collaborating closely with SOC, CTI, Cloud/Platform, Product, and customer-facing teams to enhance detection and response capabilities across SITA, our clients, and the broader air-transport ecosystem.

ABOUT THE ROLE & TEAM

As the Digital Forensics & Incident Response Lead, you will take full ownership of high-severity investigationsrapidly detecting, containing, and neutralizing threatswhile driving digital forensics and proactive threat hunting initiatives. You will act as Incident Commander and serve as the primary technical escalation point for complex cases.

You will join SITAs STORM (Security Threat & Operational Risk Management) organization, collaborating closely with SOC, CTI, Cloud/Platform, Product, and customer-facing teams to enhance detection and response capabilities across SITA, our clients, and the broader air-transport ecosystem.

WHAT YOU WILL DO

Incident Response & Coordination

• Lead high/critical incident response: containment, eradication, recovery, and post-incident hardening.
• Act as Incident Commander, coordinating SOC, CTI, IT, cloud, product, and business teams.
• Produce reports, executive readouts, and track lessons learned.
• Update playbooks, detections, and response patterns based on evolving threats.

Digital Forensics & Evidence Handling

• Perform forensically sound acquisition and analysis across endpoints, servers, cloud, network, and SaaS.
• Maintain chain-of-custody and document to industry standards.
• Reconstruct attacker activity and map to MITRE ATT&CK.

Threat Hunting & Detection Engineering

• Conduct hypothesis-driven hunts across EDR, SIEM, cloud, and network telemetry.
• Convert findings into high-fidelity detections, analytics, and SOAR automations.
• Validate and tune rules to reduce false positives and improve coverage.

Triage, Monitoring & QA

• Oversee L1/L2 triage quality, severity calibration, and playbook execution.
• Refine thresholds, use cases, runbooks, dashboards, and KPIs.

Tooling, Automation & Telemetry

• Develop scripts and tools to accelerate evidence collection and response.
• Partner with platform owners to improve logging, telemetry, and retention at scale.

Qualifications

ABOUT YOUR SKILLS

• Proven experience leading incident response and digital forensics in hybrid environments.
• Hands-on with EDR (CrowdStrike), SIEM (Splunk, Sentinel, Elastic), and SOAR.
• Scripting for DFIR/automation (Python/PowerShell); familiarity with KQL.
• Deep knowledge of attacker tradecraft and MITRE ATT&CK.
• Excellent communication skills to brief executives and guide teams.

Nice-to-Have:

• Certifications: GCFA, GNFA, GCIH, GREM, OSCP, CISSP.
• Cloud DFIR (Azure/AWS/GCP) and identity-centric investigations (Entra ID/Okta).
• Exposure to OT/airport systems in air-transport environments.

WHAT WE OFFER

Were all about diversity. We operate in 200 countries and speak 60 different languages and cultures. Were really proud of our inclusive environment. Our offices are comfortable and fun places to work, and we make sure you get to work from home too. Find out what it's like to join our team and take a step closer to your best life ever.

Flex Week: Work from home up to 2 days/week (depending on your teams needs)

Flex Day: Make your workday suit your life and plans. (Depending on the stakeholders and BISO Directors needs)

Flex Location: Take up to 30 days a year to work from any location in the world.

Employee Wellbeing: Weve got you covered with our Employee Assistance Program (EAP), for you and your dependents 24/7, 365 days/year. We also offer Champion Health a personalized platform that supports a range of wellbeing needs.

Professional Development: Level up your skills with our training platforms, including LinkedIn Learning!

Competitive Benefits: Competitive benefits that make sense with both your local market and employment status.

SITA is an Equal Opportunity Employer. We value a diverse workforce. In support of our Employment Equity Program, we encourage women, aboriginal people, members of visible minorities, and/or persons with disabilities to apply and self-identify in the application process.