About the Role
What will you do?
As a Senior Incident Response Consultant (m/w/d), you will support the NVISO incident response team (CSIRT) in responding to a wide range of cyber incidents. In addition to incident response and forensic engagements, you will work closely with the rest of the team to build and automate incident response processes and analytical capabilities, including threat hunting. You act as Incident Lead by setting investigative questions, delegating technical analysis tasks, and steering containment and eradication strategies. You produce high-quality forensic and executive reports to present findings to technical stakeholders and executives. You occasionally peer-review case notes, artifacts, and draft reports.
Your responsibilities
Perform host forensics (Magnet AXIOM Cyber, X-Ways, Autopsy), network forensics (Wireshark, tshark), memory forensics (Volatility, MemProcFS), and log analysis, including cloud telemetry (Microsoft 365/Azure, AWS, Google Cloud/Workspace), in support of cyber incident investigations.
Lead single-system forensic analysis and contribute meaningfully to complex intrusions, including those involving lateral movement; perform timeline analysis of compromised hosts; and conduct live response artifact capture, volatile data collection, and containment to support eradication and recovery efforts.
Perform basic malware triage of executables and malicious scripts (static and behavioral) to inform containment and eradication strategies.
Lead customer calls during incidents and contribute to cyber crisis management; deliver status reports, plans for containment, eradication and recovery efforts, and input to executive-ready communications.
Support improvement projects related to automation in digital forensics and further develop NVISO tools and incident response processes.
Perform threat hunting engagements within customer environments, including technical planning, requirements definition, execution, and reporting.
Assist in other engagements such as tabletop exercises, incident and forensic readiness assessments, and threat-intelligence-related briefings.
Tech Stack
host forensics, network forensics, memory forensics, log analysis, cloud telemetry, Magnet AXIOM Cyber, X-Ways, Autopsy, Wireshark, tshark, Volatility, MemProcFS, Microsoft 365, Azure, AWS, Google Cloud, Workspace, MFTECmd, KAPE, Plaso, Timesketch, Velociraptor, GRR Rapid Response, EDR live response