Open to opportunities

Michael Brooks

@michaelbrooks

Senior DFIR Analyst with 15+ years leading incident response, forensics, and threat hunting across enterprise environments.

United States

What I'm looking for

I’m looking for a DFIR role where I can lead end-to-end incident response and threat hunting across cloud and enterprise, tune EDR/SIEM detections, and partner with engineering and leadership to drive measurable MTTR and exposure reductions.

I’m a results-driven Senior DFIR Analyst with 15+ years leading end-to-end incident response, digital forensics, and threat hunting across enterprise, cloud-native SaaS, and federal environments. I’ve built investigations that contain sophisticated adversaries—including APT groups and ransomware operators—by combining endpoint telemetry, SIEM context, and cloud forensic evidence.

I leverage EDR/XDR platforms (CrowdStrike Falcon, SentinelOne), SIEM solutions (Splunk ES, Microsoft Sentinel), and cloud forensics (AWS CloudTrail, VPC Flow Logs) to quickly scope threats and disrupt attacker operations. My work is grounded in MITRE ATT&CK mapping and NIST SP 800-61 incident response frameworks, with a consistent focus on chain-of-custody and defensible evidence handling.

I deliver measurable outcomes, including a 65% reduction in exposure windows, $1.2M in fraud losses prevented, and 60% improvement in MTTR. I also drive operational maturity by tuning detections, reducing false positives, mentoring analysts, and partnering cross-functionally with engineering and leadership to strengthen response playbooks and remediation strategies.

Experience

Work history, roles, and key accomplishments


IT Security Engineer IV (DFIR)

Intuit

Dec 2025 - Present (4 months)

Led malware triage and reverse engineering across endpoints and cloud workloads using CrowdStrike Falcon and SentinelOne, containing 15+ malware incidents. Disrupted C2 infrastructure by correlating DNS and VPC flow logs and blocked C2 channels within 2 hours, reducing exposure windows by 65% through coordinated zero-day response.


Principal DFIR Analyst

Kaiser Permanente

Jul 2023 - Jan 2026 (2 years 6 months)

Orchestrated the full incident response lifecycle across hybrid on-prem and cloud environments using CrowdStrike Falcon and Splunk ES to detect and prioritize IOCs and advanced adversary activity. Provided technical input for EDR alert tuning, Palo Alto Networks signature refinement, and SIEM correlation rules to measurably reduce false positive rates, while executing containment, eradication, and


Principal DFIR Analyst

National Institutes of Health (NIH)

Mar 2022 - Jul 2023 (1 year 4 months)

Led critical incident escalations for a federal healthcare research environment, performing disk, memory, and cloud log forensics and mapping adversary activity to the MITRE ATT&CK framework. Enhanced threat hunting and forensic workflows using Splunk ES, Anomali TIP, CrowdStrike Falcon, and Microsoft Defender for Endpoint, and produced executive-level incident reports after post-incident IOC and


Senior Incident Response Consultant

Biogen

Jul 2020 - Mar 2023 (2 years 8 months)

Coordinated enterprise incident response activities (containment, eradication, and recovery) using Splunk and CrowdStrike Falcon, achieving a 65% reduction in threat impact across the engagement lifecycle. Built repeatable IR tools/processes and performed structured threat hunting and host/network forensic analysis to identify IOCs and advanced TTPs.


Associate Director DFIR

Kivu Consulting LLC

Mar 2019 - Jul 2020 (1 year 4 months)

Supervised a team of breach response investigators across 150+ cases, with 80%+ involving ransomware breach response, managing scope through final reporting. Developed action plans, schedules, budgets, and executive status reporting, and led training on modern forensic tools, malware trends, and investigation methodologies.


Security Engineer V (IR)

Brooks Technical Services

Nov 2014 - Feb 2019 (4 years 3 months)

Served as Incident Response Lead, running end-to-end IR lifecycle across SaaS cloud environments and delivering a 60% reduction in threat impact and MTTR through coordinated cross-functional triage and escalation. Designed process automation and continual service improvement aligned with NIST SP 800-61 and PICERL, and conducted disk/memory/cloud forensics using FTK, Autopsy, Magnet AXIOM with Pyth

Education

Degrees, certifications, and relevant coursework

Michael hasn't added their education
