
Principal Consultant - DFIR

nccgroup

NLD Rijswijk, Rijswijk, South Holland | Hybrid | 1mo ago
Employment: Full-time
Seniority: Staff

About the role

Key Responsibilities

  • Managing and coordinating a cohesive team, ensuring effective collaboration, clear communication, and efficient workflow throughout technical engagements. 
  • Responding to emergency incidents, including mitigation and remediation activities. 
  • Maintaining composure and effectiveness in client Incident Management scenarios. 
  • Providing clients with high-quality technical investigations. 
  • Collaborating in the identification, resolution, and documentation of security incidents. 
  • Conducting intelligence-driven investigative analysis. 
  • Discussing wider technology and security posture with a client, ultimately to perform Cyber Threat assessments. 

Skills, Knowledge & Expertise

  • Ample experience in incident response, security operations or strategic security consulting. 
  • Strong technical knowledge, including the ability to conduct analysis in support of cyber incident response activities (to include an understanding of network analysis, host investigation including forensics, and malware analysis). 
  • Significant experience in a Digital Forensics environment. 
  • Experienced in the use of a case management system. 
  • Perform advanced host (log, OS, memory, EDR), network, and cloud system forensics, log analysis, and malware triage in support of incident response investigations. 
  • Experience evaluating client security controls, architecture, and operations.  
  • Experience crafting scripts (Perl, Python, PowerShell, Bash) and tools to further enhance incident investigative efforts. 
  • Experience triaging Windows and Linux hosts.  
  • Experience with Network Traffic Analysis.  
  • Experience with Log Data Analysis. 
  • Proven ability to explain technical output to a non-technical audience, including at an executive and C-Suite level. 
  • Experience working in 24x7 environments and shifts. 
  • Ability to lead large projects and take responsibility for analysis and reporting. 
  • Strong interpersonal and communication skills, including report-writing and presentation skills. 
  • The ability to identify attacker Tactics, Techniques and Procedures (TTPs) and to develop indicators of compromise. 
  • A relevant professional certification such as CREST CPIA/CRIA/CCNIA/CCHIA or SANS GCFA/GNFA/GCIH is preferred. 
  • Strong understanding of common enterprise technologies and configuration, including cloud platforms such as Azure, M365, AWS and GCP. 

Why NCC Group?

  • A trusted advisor at the juncture of cyber and legal, we are a global team of experts with local presence.
  • We help you understand and mitigate threats, from external or internal sources.
  • We are there when you need us the most. We help you navigate complex issues often under pressure of time: identifying, preserving, processing and examining digital evidence.
  • We use technology and insights to discover, analyze and present facts.
