Senior Cyber Incident Response Specialist

 

Recruiter: SM Squared Talent (Pty) Ltd
Job Ref: PTA000253/MB
Date posted: Tuesday, April 19, 2022
Location: Midrand, South Africa


JOB SUMMARY:
SM2 Talent Solutions specializes in sourcing experienced professionals across all demographics and industries, from entry level to executive leadership, on a temporary basis, or on a temporary basis with a view to assessing suitability for a permanent position.
 
Job Description: Senior Cyber Incident Response Specialist
Industry: Global professional services
Location: Across South Africa, Africa and The Netherlands
Start date: May / June 2022
Availability: immediately would be advantageous
 
Please read the requirements before applying

JOB DESCRIPTION:

Data leaks, ransomware, unusual network traffic. Cyber criminals, from insider threat to nation-state sponsored hackers.
Our IR teams support our clients in 24x7 engagements with on-site and (mostly) remote technical analysis. This usually involves collecting data (log files, forensic images, memory images, leveraging SIEM, EDR, etc.), processing this data in relevant tools (Splunk, forensic tools, custom scripts), analyzing the data for traces related to the incident and reporting on our findings and recommendations. You make a difference for our clients by performing sharp and technical analyses and by carrying out targeted containment and eradication actions. You are often also asked to give tactical advice, which makes an enormous impact that is valued by the client.
  • We currently have a core team of 5 FTE that is expected to grow to 10 FTE by Q2 2022.
  • The work is obviously quite unpredictable and has an ebb and flow (peaks and dips) in terms of actual IR work.
  • This workload is complemented by IR-related activities we perform for retainer and other clients, like: threat hunting, IR table tops, incident readiness assessments, training, MDR services, compromise assessments, and IR playbook development.
  • We could use ad-hoc support in the IR cases (all phases really, although expected to be mostly in the analysis stage), which would be at relatively short notice given the nature of the work. For larger incidents, we often see a build-up where it is fine to expand the team over the course of 1-2 weeks.
  • We could also use support in some of the non-IR work mentioned under the third bullet. This is much more plannable work, both in terms of volume over an entire FY, as well as for short to mid-term (weeks to months). Being able to hand over some of the leg work in those activities keeps the hands of the IR team (more) free for new incoming IR requests.
  • Technical investigations of cyber incidents: analysis of log files, Windows event logs, Linux artifacts to correlations in EDR tooling, network monitoring tools and SIEM.
  • In-depth analysis of malware, threat intelligence and other relevant sources (incl reverse engineering).
  • Tactical support such as advice on triage, containment, eradication and broader coordination in cyber incidents.
  • Forensic analysis of systems and networks
  • Memory forensics
  • Performing Compromise Assessments and Threat Hunting projects in SIEM and EDR tooling.
  • Creation of custom scripts for parsing special log files, data sets and images, etc.
  • Creation of complex timelines based on findings and observations
  • Member of the broader Firm Response Team, adding CIR skills to the overall team that includes privacy, crisis management, crisis communication, forensic investigations and ICS/OT.
  • Part of the EMEA and Global technical incident responder community to build a strong network and share knowledge base.
  • Flexible working hours to support the customer during high-impact incidents
Education:
For the role of Senior Cyber Incident Response Specialist, you also have:
  • Professional level of written and spoken English. Writing and speaking Dutch at a professional level is a plus.
  • An excellent command of written and spoken English.
  • At least 2 years of experience in Cyber Incident Response and digital forensics.
  • Master’s or bachelor’s degree in computer science (or related field).
  • Hands-on skills to perform sharp and in-depth analyses, both using tooling such as EDR and network sensors, but also manual analysis, if the tools are not available.
  • Certifications like GCIH, GCFE, GCFA, GNFA, GREM.
  • Affinity with offensive security work (pentesting etc) is definitely useful
  • Experience in systems and/or network administration is a big plus
  • Ability to work under pressure and keep track of the big picture while performing in-depth analysis
  • Excellent communication skills (both verbal and written)
  • Exceptional social skills, willingness and experience in being a team player and dealing with people from various backgrounds and areas across the company, but also the ability to work independently.
  • The ability to handle sensitive information of clients with trust and confidentiality
If you would like to be considered, please apply directly. For more financial jobs, please visit

 

 
