Senior Incident Response & Digital Forensics Consultant (m/w/d)
NVISO Security seeks a Senior Incident Response & Digital Forensics Consultant to join our CSIRT team. We aim to protect European society from potentially devastating cyber attacks by providing security services to private and governmental organisations, helping them prepare for, prevent, detect, and respond to incidents.
Our foundation is built on four core values: Proud, Breaking Barriers, Caring, and No BS. These values drive our culture and approach.
Your responsibilities
- Perform host, network, memory and log forensics (Magnet AXIOM Cyber, X-Ways, Autopsy, Wireshark, tshark, Volatility, MemProcFS) and cloud telemetry (Microsoft 365/Azure, AWS, Google Cloud/Workspace) to support incident investigations.
- Lead single‑system forensic analysis and contribute to complex intrusions, focusing on lateral movement, timeline analysis, live response artifact capture, and containment.
- Carry out basic malware triage of executables and scripts (static and behavioural).
- Lead customer calls during incidents, deliver status reports, plan containment and recovery, and provide executive‑ready communications.
- Support improvement projects related to automation in digital forensics and further develop NVISO tools and incident response processes.
- Perform threat hunting engagements, including planning, execution and reporting.
- Assist with tabletop exercises, readiness assessments and threat‑intelligence briefings.
Requirements
- 4+ years of hands‑on experience, including incident response case lead roles.
- Strong knowledge of cyber intrusion analysis, incident response, and digital forensics across Windows, macOS, and UNIX, including memory forensics, timeline analysis, and disk forensics.
- Proficiency with live‑response tooling such as Velociraptor, GRR Rapid Response, EDR live‑response and remediation coordination.
- Up‑to‑date on latest cyber threats and attacker TTPs.
- Excellent analytical, problem‑solving, and documentation skills.
- Effective communication and interpersonal skills for client and team collaboration.
- Calm under pressure and able to prioritize during crises.
- German and English at C1+ proficiency for client‑facing work across DACH.
- Eligibility for NATO clearance (see HERE for more information).
Your availability
- On‑call rotation, typically one week per month.
Travel
- Limited travel within DE/AT/CH (~10–20%) for onsite response, workshops, and stakeholder meetings.
Benefits
At NVISO, we care. We offer a highly competitive remuneration package and additional benefits.
- Work and learn from top cyber security professionals; many staff hold SANS instructor status and advanced certifications (GSE, GXPN, GREM, GCFA, OSCP).
- An entrepreneurial and agile environment that supports innovation and new initiatives.
- Regular team‑building and fun events with annual off‑site trips.
- Personal coaching to support your growth.
- Training budget of €10 000 plus 10 days of paid time off rolled over two years.
- Flexible working hours and home‑office options, including working abroad within the EU.
- Reimbursement of Deutschlandticket + BahnCard 50 1st Class.
- Business bike leasing.
- Company pension scheme.
- 30 holidays.
Disclaimer on the Use of AI Tools in the Application Process
Please be aware that the creation and submission of application documents (e.g. CV, cover letter, case studies, etc.) using AI‑powered tools is only permitted to a limited extent.
Application documents must authentically reflect your own qualifications, personality, and motivation. The use of AI for supportive purposes (e.g. spell‑checking, wording improvement) is acceptable. Fully generated application documents created by AI without personal adaptation or review are not permitted. Under no circumstances may NVISO information, data, or documents be uploaded to or processed by external AI tools.
We reserve the right to exclude applications from the selection and interview process that are clearly created primarily or exclusively by AI and show no recognizable personal input. The purpose of this policy is to ensure a fair and transparent recruitment process and to obtain an authentic impression of our applicants.
Seniority level
Associate
Employment type
Full‑time
Job function
Information Technology
Industries
IT Services and IT Consulting
