This means we offer cyber security services to private and governmental organizations to help them better prepare for, prevent, detect and respond to cyber security incidents.
As our Senior Incident Response Consultant (m/w/d), you will support the NVISO incident response team (CSIRT) in responding to a wide range of cyber incidents. In addition to incident response and forensic engagements, you will work closely with the rest of the team to build and automate incident response processes and analytical capabilities, including threat hunting. You produce high-quality forensic and executive reports to present findings to technical stakeholders and executives. You perform host forensics (Magnet AXIOM Cyber, X-Ways, Autopsy), network forensics (Wireshark, tshark), memory forensics (Volatility, MemProcFS), and log analysis, including cloud telemetry (Microsoft 365/Azure, AWS, Google Cloud/Workspace), in support of cyber incident investigations.
Lead single-system forensic analysis and contribute meaningfully to complex intrusions, including those with lateral movement; perform timeline analysis of compromised hosts; and conduct live response artifact capture, volatile data collection, and containment to support eradication and recovery efforts.
Lead customer calls during incidents, contribute to cyber crisis management, and deliver status reports, planning for containment, eradication and recovery efforts, and input to executive-ready communications.
Support improvement projects related to automation in digital forensics and further develop NVISO tools and incident response processes.
4+ years of hands-on experience, including acting as an incident response case lead.
Strong knowledge of cyber intrusion analysis, incident response, digital forensics on Windows/macOS/Unix, with demonstrated expertise in memory forensics (Volatility, MemProcFS), timeline analysis (e.g.,
Language: German and English at C1+ proficiency for client-facing work across DACH.
Benefits
We have multiple SANS Instructors working at NVISO, our staff have presented at popular hacking conferences (BlackHat, BruCON, OWASP, etc.) and all of our technical staff can acquire deep technical security certifications (GSE, GXPN, GREM, GCFA, OSCP, etc.);
Regular team-building and fun events with legendary off-site events once a year. Flexible working hours and home office possibilities (incl.
Reimbursement of Deutschlandticket + BahnCard 50 1st Class;
Business Bike Leasing;
Company Pension Scheme;
CV, cover letter, case studies, etc.) Under no circumstances may NVISO information, data, or documents be uploaded to or processed by external AI tools.