To manage and service NCC Group clients within the Digital Forensics and Incident Response space.
The Principal DFIR Consultant plays a pivotal role within a seasoned team of analysts, actively participating in the analysis and response to security incidents and events. With a focus on continuous learning and collaboration, the Principal is adaptable to most events in challenging and dynamic situations, applying deep technical skills and a strong dedication to detail‑oriented analysis to support clients.
This role offers line management opportunities and internal cross‑service collaboration, supporting and mentoring all team members and reviewing collaboration and efficiencies.
Key Responsibilities
- Managing and coordinating a cohesive team, ensuring effective collaboration, clear communication, and efficient workflow throughout technical engagements.
- Responding to emergency incidents, including mitigation and remediation activities.
- Maintaining composure and effectiveness in client Incident Management scenarios.
- Providing clients with high‑quality technical investigations.
- Collaborating in the identification, resolution, and documentation of security incidents.
- Conducting intelligence‑driven investigative analysis.
- Discussing wider technology and security posture with a client to perform Cyber Threat assessments.
- Ample experience in incident response, security operations or strategic security consulting.
- Strong technical knowledge, including the ability to conduct analysis in support of cyber incident response activities (network analysis, host investigation, forensics, malware analysis).
- Significant experience in a Digital Forensics environment.
- Experience using a case management system.
- Perform advanced host (log, OS, memory, EDR), network, and cloud system forensics, log analysis, and malware triage in support of incident response investigations.
- Experience evaluating client security controls, architecture, and operations.
- Experience crafting scripts (Perl, Python, PowerShell, Bash) to enhance incident investigative efforts.
- Experience triaging Windows and Linux hosts.
- Experience with Network Traffic Analysis.
- Experience with Log Data Analysis.
- Ability to explain technical output to a non‑technical audience, including at an executive and C‑Suite level.
- Experience working in 24x7 environments and shifts.
- Ability to lead large projects and take responsibility for analysis and reporting.
- Strong interpersonal and communication skills, including report‑writing and presentation skills.
- Ability to identify attacker Tactics, Techniques and Procedures (TTPs) and develop indicators of compromise.
- Relevant professional certification such as CREST CPIA/CRIA/CCNIA/CCHIA or SANS GCFA/GNFA/GCIH preferred.
- Strong understanding of common enterprise technologies and configuration, including cloud platforms such as Azure, M365, AWS and GCP.
We offer wellness programs and flexible working arrangements to support all aspects of your well‑being. Continuous learning, professional development, and career growth opportunities are part of our inclusive and supportive work environment.
We are committed to diversity and flexibility in the workplace. If you require any reasonable adjustments to support you during the application process, please let us know at any stage.
Please note that this role involves mandatory pre‑employment background checks due to the nature of the work NCC Group does. To apply, you must be willing and able to undergo the vetting process.
€70000 - €90000 monthly
