DFIR Managing Consultant

Key Responsibilities

• Leadership in coordinating a team of experienced DFIR consultants deployed during an, promoting effective collaboration, clear communication, and high‑quality delivery throughout investigative and incident response engagements. 
• Actively responding to cyber security incidents, providing hands‑on technical analysis, containment, mitigation, and remediation support to clients. 
• Demonstrating calm, confident incident leadership and sound judgement in client Incident Management scenarios, including high‑pressure and time‑critical environments. 
• Delivering thorough, high‑quality incident response investigations that support client decision‑making and recovery. 
• Collaborating with clients and internal stakeholders to identify, resolve, document, and improve response to security incidents. 
• Delivery of proactive engagements, such as first responder training and technical tabletops to clients to aid in their improvement of handling incidents.  
• Supporting the development of team capability through mentoring, knowledge sharing, and line management of junior consultants. 

Skills, Knowledge & Expertise

• Extensive experience working in incident response, digital forensics, or security operations, with a demonstrable focus on incident response delivery. 
• Proven experience leading teams during cyber incidents, providing clear incident management and technical direction to clients. 
• Strong knowledge of enterprise security controls and common defensive technologies. 
• Ability to design and develop scripts, tooling, or automation to enhance investigative effectiveness and response efficiency. 
• Hands‑on experience triaging and investigating Windows, Linux, and macOS hosts. 
• Demonstrable experience delivering incident response engagements within cloud environments. 
• Ability to produce clear, high‑quality written and verbal outputs, including reports, presentations, recommendations, and executive‑level findings for clients. 
• Relevant professional certifications such as CREST CPIA, CRIA, CCNIA, or CCHIA, and or SANS certifications including GCFA, GNFA, or GCIH. 
• Experience delivering technical tabletop exercises and leading clients through incident scenarios to test and improve processes and response capability. 
• Strong understanding of common enterprise technologies and configurations, including cloud platforms such as Azure, Microsoft 365, AWS, and GCP. 

Job Benefits

• Focusing on Clients and Customers.  
• Working as One NCC. 
• Always Learning. 
• Being Inclusive and Respectful.  
• Delivery Brilliantly.  

• A trusted advisor at the juncture of cyber and legal, we are a global team of experts with local presence. ​ 
• We help you understand and mitigate threats, from external or internal sources.​ 
• We are there when you need us the most. We help you navigate complex issues often under pressure of time: identifying, preserving, processing and examining digital evidence.​ 
• We use technology and insights to discover, analyze and present facts. ​