Principal DFIR Consultant
Department: Cyber Services and Capabilities
Employment Type: Full Time
Location: NLD Rijswijk
Workplace type: Hybrid
Key Responsibilities- Managing and coordinating a cohesive team, ensuring effective collaboration, clear communication, and efficient workflow throughout technical engagements.
- Responding to emergency incidents, including mitigation and remediation activities.
- Maintaining composure and effectiveness in client Incident Management scenarios.
- Providing clients with high-quality technical investigations.
- Collaborating in the identification, resolution, and documentation of security incidents.
- Conducting intelligence-driven investigative analysis.
- The ability to discuss wider technology and security posture with a client ultimately to perform Cyber Threat assessments.
- Ample experience in incident response, security operations or strategic security consulting.
- Strong technical knowledge, including the ability to conduct analysis in support of cyber incident response activities (to include an understanding of network analysis, host investigation including forensics, malware analysis).
- Significant experience in a Digital Forensics environment.
- Experienced in the use of a case management system.
- Perform advanced host (Log, OS, memory, EDR) network, and cloud system forensics, log analysis, and malware triage in support of incident response investigations.
- Experience evaluating client security controls, architecture, and operations.
- Experience crafting scripts (Perl, python, PowerShell, bash) and tools to further enhance incident investigative efforts.
- Experience triaging Windows and Linux hosts.
- Experience with Network Traffic Analysis.
- Experience with Log Data Analysis.
- Proven ability to explain technical output to a non‑technical audience, including at an executive and C‑Suite level.
- Experience working in 24×7 environments and turns.
- Ability to lead large sized projects as a lead and take responsibility for analysis and reporting.
- Strong interpersonal and communication skills, including report‑writing and presentation skills.
- The ability to identify attacker Tactics, Techniques and procedures (TTPs) and to develop indicators of compromise.
- A relevant professional certification such as CREST CPIA/CRIA/CCNIA/CCHIA or SANS GCFA/GNFA/GCIH will be preferred.
- Strong understanding of common enterprise technologies and configuration, including cloud platforms such as Azure, M365, AWS and GCP.
Please note that this role involves mandatory pre‑employment background checks due to the nature of the work NCC Group does. To apply, you must be willing and able to undergo the vetting process.
#J-18808-Ljbffr€90000 - €130000 monthly
