Senior Incident Response & Digital Forensics Consultant (mwd)

It all starts with the mission: NVISO is here to protect European society from potentially devastating cyber attacks! This means we offer cyber security services to private and governmental organisations to help them better prepare for prevent, detect and respond to cyber security incidents.

All of this is built on four fundamental values that define who we are: We are Proud, We Break Barriers, We Care and No BS!

As our Senior Incident Response Consultant (m / w / d) you will support the NVISO incident response team (CSIRT) in responding to a wide range of cyber incidents. In addition to incident response and forensic engagements you will work closely with the rest of the team to build & automate incident response processes, analytical capabilities including threat hunting. You act as Incident Lead by setting investigative questions, delegating technical analysis tasks and steering containment and eradication strategies. You produce high‑quality forensic and executive reports to present findings to technical stakeholders and executives. You occasionally peer‑review case notes, artifacts and draft reports.

• Perform host forensics (Magnet AXIOM, Cyber X‑Ways, Autopsy), network forensics (Wireshark, tshark), memory forensics (Volatility, MemProcFS) and log analysis including cloud telemetry (Microsoft 365 / Azure, AWS, Google Cloud / Workspace) in support of cyber incident investigations.
• Lead single‑system forensic analysis and contribute meaningfully to complex intrusions, including those with lateral movement, performing timeline analysis of compromised hosts and conducting live‑response artifact capture, volatile data collection and containment to support eradication and recovery efforts.
• Perform basic malware triage of executables and malicious scripts (static and behavioural) to inform containment and eradication strategies.
• Lead customer calls during incidents and contribute to cyber crisis management, delivering status reports and planning for containment, eradication and recovery efforts and input to executive‑ready communications.
• Support improvement projects related to automation in digital forensics and further develop NVISO tools and incident response processes.
• Perform threat hunting engagements within customer environments, including technical planning, requirements definition, execution and reporting.
• Assist in other engagements such as tabletop exercises, incident and forensic readiness assessments and threat‑intelligence‑related briefings.

• 4 years of hands‑on experience including acting as an incident response case lead.
• Strong knowledge of cyber intrusion analysis, incident response and digital forensics on Windows, MacOS and Unix with demonstrated expertise in memory forensics (Volatility, MemProcFS), timeline analysis (e.g. MFTECmd, KAPE, Plaso, Timesketch) and disk forensics (Magnet AXIOM, Cyber X‑Ways, Autopsy).
• Proficiency with live‑response tooling (e.g. Velociraptor, GRR, Rapid Response, EDR live response) and coordinating remediation actions.
• Up‑to‑date on the latest cybersecurity threats and attacker TTPs.
• Excellent analytical and problem‑solving skills with an eye for detail in documentation.
• Effective communication and interpersonal skills to work collaboratively with clients and cross‑functional teams.
• Ability to remain calm during crisis situations and prioritise effectively under pressure.
• Language: German and English at C1 proficiency for client‑facing work across DACH.
• You are eligible for a NATO clearance (see HERE for more information).

• We have an on‑call rotation typically one week per month.

• Some limited travel within DE / AT / CH (1020%) for onsite response workshops and stakeholder meetings.

At NVISO we care. We are committed to offering you a highly competitive remuneration package including financial and non‑financial components:

• Working and learning from the best people in the European cyber security industry. We have multiple SANS instructors working at NVISO, our staff has presented at popular hacking conferences (BlackHat, BruCON, OWASP, etc.) and all of our technical staff can acquire deep technical security certifications (GSE, GXPN, GREM, GCFA, OSCP, etc.).
• An entrepreneurial and agile company where you will be stimulated and supported in driving new initiatives (either through internal innovation or by improving our service offering) without losing sight of having fun!
• Regular team‑building and fun events with legendary off‑site events once a year. The location of the next team building is one of the most closely guarded secrets at NVISO; we can however disclose that we’ve visited Lisbon, Dubai and Malta over the past few years.
• Our commitment to coach and counsel you and help you grow; each employee receives a personal coach within the team whose role is to ensure your well‑being and help you grow in your career.
• A training budget of 10 000 EUR plus 10 days paid time off rolling over two years.
• Flexible working hours and home office possibilities (incl. working abroad options within the EU).
• Reimbursement of Deutschlandticket BahnCard 50 1st Class.
• Business bike leasing.
• Company pension scheme.
• 30 holidays.

Please be aware that the creation and submission of application documents (e.g. CV, cover letter, case studies, etc.) using AI‑powered tools is only permitted to a limited extent.

The use of AI for supportive purposes (e.g. spell‑checking, improving wording) is acceptable.

Fully generated application documents created by AI without personal adaptation or review are not permitted.

Under no circumstances may NVISO information, data or documents be uploaded to or processed by external AI tools.

We reserve the right to exclude applications from the selection and interview process that are clearly created primarily or exclusively by AI and show no recognisable personal input.

The purpose of this policy is to ensure a fair and transparent recruitment process and to obtain an authentic impression of our applicants.

Application documents must authentically reflect your own qualifications, personality and motivation.