SOC Analyst and Cyber incident response (Associate Consultant) m/w/d

We now require a German-speaking Associate Consultant with experience as a SOC Analyst to join our Cyber Response team in Berlin. As the Associate Consultant, you will be responsible for delivering Control Risks' cyber response projects to a wide variety of clients. This involves undertaking compromise assessments, business email compromise investigations, and assisting with the technical response on complex cases. The role reports to the Associate Director of Cyber Response (Technical) and works closely with the Cyber Crisis Management team. The successful candidate will have an investigative background, technical skills, and a deep understanding of current and emerging threat actors. This position offers a great opportunity for an existing SOC Analyst or similar escalation experience to move into a dynamic digital forensics incident response (DFIR) role.

Requirements

Technical response

• Assist with host and network-based investigations, collaborating with the Digital Forensics Incident Response (DFIR) team.
• Conduct threat hunting using EDR (Endpoint Detection and Response) tools to evaluate attacker movement and prevent further activity.
• Perform live compromise assessments for organizations suspecting a breach.
• Detect and hunt unknown malware in memory across enterprise systems.
• Understand existing and emerging threat actors, including attacker TTPs.
• Work with the Cyber Threat Intelligence team to leverage technical information from response cases.
• Advise on the technical recovery of IT systems to balance understanding and speed of recovery.

Reporting

• Provide situation reports and case material to clients and the Director of Cyber Response.
• Prepare documentation for review and feedback before client submission.

Supporting the growth of the Cyber Response practice

• Contribute to the development of response methodologies and adapt approaches to market changes.
• Be available on call, with flexibility to work weekends and evenings as required.
• Identify new growth opportunities.

Essential

• Experience in incident escalation.
• Knowledge of networks, software, hardware; relevant qualifications are advantageous.
• Experience in log analysis and responding to cyber-attacks.
• Operational experience within a Security Operations Centre.
• Proficiency with EDR tools such as SentinelOne, CrowdStrike, or Microsoft Defender.
• Knowledge of SIEM systems.
• Fluent in English and German, both written and spoken.
• Excellent presentation and analytical skills.

Preferred Qualifications and Skills

• Understanding of MITRE ATT&CK techniques and ability to explain TTPs to clients.
• Experience creating SIGMA, SNORT, and YARA rules.
• Consulting experience is a plus.

Benefits

• Competitive compensation and benefits package.
• Support for hybrid working arrangements, emphasizing in-person collaboration and flexibility.