Incident Response Specialist

About the role

Are you passionate about investigating state sponsored attacks, data breaches, economic espionage and targeted intrusions? Join the Incident Response team, which is responsible for the development and delivery of incident response and threat hunting services provided across the globe, ranging from single-system analysis to major intrusions on some of the world’s largest corporate networks.

The Incident Response Specialist role will primarily consist of conducting incident response investigations on behalf of a wide variety of clients across every sector. Within the role you will have scope to be involved in all aspects of incident response activity, as well as to develop specialisms in particular areas. You will be working within complex security environments and alongside Incident Response Managers to design, communicate and execute incident response, containment and remediation plans.

  • Plan, organise and devise approaches necessary to respond to incidents and obtain useful forensic information from the evidence collected
  • Prioritise and differentiate between potential intrusion activity and false alarms
  • Conduct incident and investigation post-mortem briefings, analysis, and reporting
  • Conduct forensic investigations including physical/logical disk, network packet capture, memory analysis or malware analysis
  • Provide technical guidance to investigations to correctly gather, analyse and present digital evidence to both business and legal audiences
  • Collate conclusions and recommendations and present forensics findings to stakeholders
  • Contribute to the development of policies, standards and guidelines for incident response
  • Correlate threat intelligence with active attacks and vulnerabilities within the enterprise
  • Monitor and analyse security events and identify trends, attacks, and potential threats
  • Research and test out new DFIR tooling and techniques
  • Create and track security investigations to resolution
  • Facilitate the integration of threat and data feeds for the purposes of incident response

Skills and Experience

We expect you will already be able to demonstrate experience and knowledge in one or more of the following areas:

In addition to the specialist skills listed below, candidates who also have business development skills and experience will be valued according to their level and additional qualities:

  • Experience in forensic capture and investigation tools such as EnCase, X-Ways, SIFT or F-Response
  • Experience with log management solutions such as Splunk, Elastic
  • Knowledge of Windows system internals and ability to identify common indicators of compromise from dead or live systems and live memory using tools such as the SysInternals suite, RegRipper, Volatility, or Mandiant Redline
  • Experience of gleaning and analysing security information from enterprise network and host-based sensors, such as IDS/IPS systems, HIDS, SIEMs, AD domain controllers and firewalls
  • Expertise analysing raw network traffic captures, or in the deployment and use of network forensics or monitoring devices such as FireEye, Solera, Wireshark, Snort or NetWitness
  • Knowledge of scripting languages such as Python, Perl or PowerShell and their use in forensic analysis and live incident response, or experience using other programming languages to develop software for host-centric, network-centric or log-centric security analysis

What do we offer

  • Many training and courses that contribute to your personal and professional development
  • An appropriate salary and extensive employment benefits. These benefits include a 'well-being budget': a personal yearly budget of € 750,- that you can spend on your health, e.g., mindfulness, sports, lifestyle coaching, a second screen for your home office and noise cancelling headphones
  • Monthly internet allowance
  • A lease car or car allowance, laptop and an iPhone
  • 32 holiday days per year
  • Informal and interesting (virtual) events with colleagues

Hours per week: Full time