Remote Digital Forensic Jobs (NOW HIRING)

Role Details
Job Title: Software Engineer, DFIR
Location: Remote, USA
Reports to: Director of Engineering
Employment Type: Full time
Job Req ID: 2026-184
Req Begin Date: 3/3/2026
About Vector3
Vector3, Inc., is an incident response firm supporting TMHCC Cyber and Professional Lines Group (CPLG) Vector3 specializes in responding to Business Email Compromise (BEC) and Ransomware incidents, helping insured organizations investigate, contain, and recover from cyber related incidents. Building on our success in incident response, we are launching a Managed Detection and Response (MDR) service designed to protect our DFIR clients from future incidents. The MDR program will deliver proactive monitoring, detection, and prevention solutions - powered by tools like Sophos EDR/NDR, Microsoft 365, and Google Workspace.
Job Summary
Join us as a Software Engineer, DFIR and take a role in shaping our digital forensics and incident response practice for TMHCC-CPLG insureds. In this position, you'll combine technical expertise to drive complex engineering initiatives that enhance the scale, speed, and precision of our investigations. You'll join a team of talented engineers through hands-on problem-solving, build scalable solutions for evolving threats, and help refine our consulting capabilities.

• Experience with CI/CD platforms and maintenance, such as Github Actions, ArgoCD, and FluxCD.
• Experience with relational database administration, SQLAlchemy, SQLModel, and full stack application development.
• Experience developing and running containerized services within AWS.
• Programming experience in Bash, Python, PowerShell, or Go.
• Experience with Rust, especially in developing command line tools or building rust bindings for python.
• Experience with large-scale data ingest and data processing pipelines and related tooling: AWS Kinesis, Kafka, Apache Airflow, Vector, Cribl.
• Experience with big data or machine learning categorization algorithms and Python libraries.
• Experience with Vue, JavaScript, TypeScript, or AG Grid is a plus.
• Experience with Kubernetes, EKS, KEDA, Karpenter, secure secret management within a Kubernetes cluster, Istio, AWS IRSA.
• Experience with infrastructure as code projects such as: OpenTofu, Terraform, Crossplane, AWS Controller for Kubernetes (ACK).
• Understanding of cloud platforms and security considerations within AWS (Amazon Web Services), Azure, Microsoft 365, and GCP (Google Cloud Platform).
• Experience with EDR solutions (Defender, SentinelOne, CrowdStrike)
• Strong understanding of legal and regulatory frameworks related to cyber security investigations such as PCI, NIST CSF, or other industry-specific regulations.
• Excellent communication and presentation skills to clearly and concisely communicate complex technical concepts to stakeholders.
• Superior organizational and analytical skills; demonstrated ability to manage multiple tasks simultaneously.

Key Responsibilities
Relying on experience and knowledge, this role is responsible for accomplishing the following assignments. These assignments are varied in nature:
Leadership and Mentorship:

• Assign tasks, delegate responsibilities, and provide mentorship to team members.
• Support development and maintenance of operating procedures and best practices for engineering team.
• Maintain positive, professional insured/carrier relationships.
• Foster a culture of innovation, continuous learning, and skill development within the engineering team.

Client Management and Engagement:

• Understand insured needs and tailor strategies to address specific business risks and compliance requirements.
• Communicate complex engineering concepts internally and externally.

Incident Engineering Operations:

• Develop and maintain engineering automation in support of incident response plans aligned with industry best practices.

Technical Experience:

• Stay informed about emerging engineering technologies and industry best practices.
• Understand and be aware of digital forensics methodologies for evidence collection, analysis, and reporting.
• Provide expert technical guidance on engineering methodologies, automation techniques, software development and recovery techniques.
• Occasionally, support complex digital forensic investigations, including analysis of system logs, network traffic, and endpoint data.

Competencies
Planning
• Follow work plans, established timelines, and predefined goals for assigned work.
• Meet commitments on deadlines.
Communication
• Communicate activities, results, and observations with employees and management as appropriate.
Cost Management
• Identify areas for improvement in existing business practices.
• Perform work thoroughly in a cost-efficient manner and at a high productivity level.
Business Controls and Policies
• Comply with all corporate policies and procedures.
• Report any breakdowns in controls to management.
• Conduct all activities in a safe manner.
People Management
• No people management responsibility
Education Requirements
Minimum 4 year / bachelor's degree in cyber security, Computer Science, Information Technology related degree or relevant professional work experience
Certification, Licenses, and Designations
2 years in leading active cybersecurity engagements, developing security automation and/or SOAR capabilities in support of security incident response, digital forensics, malware analysis or threat intelligence
Advanced degrees or certifications in security (CISSP, CISM, GCFE, GCFA, GREM, GBFA, GCIH, CFCE, CCE) or cloud engineering (AWS Certified Security, Azure Security Engineer, Google Professional Cloud Security Engineer, CCNA, MCSE are a plus.
California
Tokio Marine HCC is an equal opportunity employer that values diversity and inclusion. We offer competitive compensation, comprehensive benefits, and professional growth opportunities within a global organization.
The pay range for this position is $104,200-$143,300 which includes geographic adjustments, where applicable. The pay range is the range THMCC, in good faith, believes is the range of compensation for this role at the time of this posting. The hired applicant will be offered pay within the entire range based on the candidate's geographic location, qualifications, work experience, education, and/or skill level. The Company is fully committed to ensuring equal pay opportunities for equal work regardless of color, race, sex, national origin, sexual orientation, religion, age, veteran status, disability, pregnancy, citizenship status, genetic information, or any other basis protected by federal, state, or local pay equity laws. You do not need to disclose your criminal history or participate in a background check until a conditional job offer is made to you. After making a conditional offer and running a background check, if the Company is concerned about a conviction that is directly related to the job, you will be given the chance to explain the circumstances surrounding the conviction or challenge the accuracy of the background report.
The Company will consider for employment all qualified applicants, including
those with criminal histories, in a manner consistent with the requirements of applicable federal, state and local laws, such as the Violent Crime Control and Law Enforcement Act of 1994 (18 USC § 1033(e))(the "VCCLEA"), which restricts financial institutions and insurers such as TMHCC from employing individuals with certain types of criminal convictions. Where the hiring and employment of individuals is not restricted by the foregoing, the Company will consider qualified applicants with arrest or conviction history in compliance
with applicable law such as the California Fair Chance Act, the Los Angeles Fair Chance Initiative for Hiring Ordinance, the Los Angeles County Fair Chance Ordinance, the San Diego Fair Chance Ordinance, and the San Francisco Fair Chance Ordinance.
As an insurance company, we comply with certain federal, state and local laws such as the Violent Crime Control and Law Enforcement Act of 1994 (18 USC § 1033(e)), which restricts our ability to employ individuals with certain types of criminal convictions. Where not restricted by law and for criminal history not covered by this law, the Company will consider qualified applicants with arrest or conviction history in compliance with applicable law.
Tokio Marine HCC offers a competitive salary and a generous employee benefit package that includes among other benefits, subsidized medical, prescription, dental, vision and basic life and disability insurance, employee assistance program, paid parental leave, 401(k) plan with Company matching contributions and educational/loan assistance. Subject to local and state laws governing the accrual of paid time off (PTO), Employees will receive at least 20 days of PTO, prorated for the current year based on date of hire, and/or paid sick leave. Employees annually receive approximately 11 paid holidays, one paid volunteer day, and two paid floating holidays.
Tokio Marine HCC offers a competitive salary and a generous employee benefits package including among other benefits, subsidized medical, prescription, dental, vision and basic life and disability insurance, 401(k)plan with Company matching contributions, paid parental leave, paid time off and/or paid sick leave, and educational/loan assistance.
Tokio Marine HCC is a leading specialty insurance company underwriting more than 100 classes of specialty insurance with employees located across 180 counties. TMHCC was established in 1974 and is headquartered in Houston, Texas with offices across the United States and Europe, Mexico, Australia, and in Tokyo, Japan. The Company offers competitive compensation, great benefits, and the strength, stability, growth, and profitability that comes from being a member of the Tokio Marine Group of Companies. Tokio Marine HCC is an equal opportunity employer. Please visit www.tmhcc.com for more information about our companies.
Additional Working Conditions and Physical Conditions

• Overtime hours may be required to fulfill job responsibilities
• May be required to remain stationary for extended periods of time
• May be required to move up to 10 pounds
• Must be able to operate a computer and other devices
• Close vision and ability to adjust focus, such as required to read a computer screen
• Regular travel (up to 50% of time)