Senior Digital Forensic and Incident Response Consultant
Job Description
The client is looking for a Senior Digital Forensic and Incident Response Consultant to work a 12-month extendable contract based in Reading or London (remote, with a requirement for occasional travel).
Role Description:
You will be operating as a Senior Digital Forensic Incident Response (IR) Investigator within the Threat Research Advisory Center (VTRAC). As a DFIR specialist you’ll be expected to serve as a tactical arm of the team, conducting live incident response, computer forensic analysis, data recovery, and other IT investigative work. Due to the inherent volatility of investigative response work, you will be expected to discharge the various responsibilities assigned to your role while successfully managing a variable case load. The role may require 24/7 activity and travel to customer sites in the UK or overseas at short notice. In this role, you will be responsible for integrity in analysis, quality in client deliverables, as well as gathering case-load intelligence. The position will operate in a close team of computer forensics, fraud examiners, and other IT investigative experts, as well as customer management, counsel, human resources, and other IT technical personnel. As a client-facing expert within the VTRAC team, you will be delivering proactive and reactive Digital Forensics and Incident Response (DFIR) services. This role is responsible for architecting cyber resilience for clients through strategic planning and assessment, pressure-testing defenses via advanced breach simulations, and providing decisive leadership as an Incident Commander during major cyber crises. VTRAC provides an unparalleled, intelligence-driven approach to helping organizations prepare, respond, and recover from the most sophisticated cyber threats. This is an opportunity to work on the most challenging and impactful cases alongside the best in the business.
Responsibilities:
- Reactive Forensic Investigations & Expert Analysis:
  - Assist customers in responding rapidly and effectively to computer-related incidents, consistently exceeding expectations while working in a customer-facing setting.
  - Lead complex, large-scale digital forensic investigations in sophisticated security breaches, determining initial attack vectors, scope of compromise, and data exfiltration.
  - Act as the lead technical subject matter expert in at least two of the following domains: host-based forensics (Windows, Linux, macOS), network forensics and full packet capture analysis, memory forensics, mobile device forensics (iOS/Android), or cloud forensics.
  - Maintain forensic integrity of evidence and produce comprehensive, court-admissible reports and deliverables for clients, legal counsel, and regulatory bodies.
- Proactive Resilience Engagements:
  - Conduct formal Incident Response Capability Assessments (IRCA), benchmarking client programs against maturity models to identify critical gaps in people, process, and technology and delivering strategic improvement roadmaps.
  - Lead and deliver Incident Response Plan Development (IRPD) engagements, creating comprehensive, actionable IR plans for clients based on NIST, SANS, and other industry-standard frameworks.
  - Serve as a trusted strategic advisor to client leadership (including C-suite and Board level) on matters of cyber risk, incident preparedness, and resilience strategy.
  - Design, develop, and facilitate a range of sophisticated breach simulation exercises, from executive-level, discussion-based tabletop exercises to immersive, technical simulations.
  - Create realistic, tailored threat scenarios (e.g. multi-stage ransomware, insider threat, nation-state espionage) that effectively test a client’s decision-making, communication, and technical response functions under pressure.
  - Produce detailed post-exercise reports with actionable recommendations to drive continuous improvement in client security posture.
You’ll need to have:
- Bachelor’s degree or relevant work experience.
- Experience in the tools, techniques, and methodologies surrounding incident response, computer forensics, industrial control systems, IoT, and eDiscovery.
- Experience in at least two (2) of the following operating systems: Windows, Linux, Unix, macOS.
- Experience in consulting customers in DFIR capacity.
- Experience managing the day-to-day aspects of protected customer relationships, as well as IT investigative cases and corporate security incidents.
- Ability to work in a dynamic environment while maintaining confidentiality and a professional image and approach with customers is critical.
- Willingness to travel on short notice.
- Fluency in English, both written and verbal.
- Valid driver’s license.
Even better if you have one or more of the following:
- Fluency in additional European languages (e.g. French, German, Dutch).
- Advanced degree in Computer Science, Digital Forensics, or Cyber Incident Response.
- Experience conducting security assessments, penetration testing, and ethical hacking.
- Experience in evidentiary procedures, volatile criminal/civil situations, fraud analysis and IR fundamentals.
- Understanding of information security; network architecture; general database concepts; document management; hardware and software troubleshooting; email systems, such as Microsoft Exchange, Office365, GSuite; Microsoft Office applications; and computer forensic tools such as EnCase and FTK, Velociraptor, EDR, NDR or XDR solutions (e.g. CrowdStrike, Defender, SentinelOne, Darktrace, etc.).
- Experience regarding malware analysis and reverse engineering, network forensics, memory forensics and mobile forensics.
- Experience in electronic crimes law enforcement, military intelligence, or with a security professional services organization.
- Experience in a security professional services consulting firm.
- One or more of the following professional certifications: GCFA, GCFE, GCIH, GNFA, CCSP, GREM, CISSP, CISM or equivalent, or ability to successfully achieve one within the first 6 months of employment.
- Experience as a Payment Card Industry (PCI) Forensic Investigator (PFI) or Qualified Security Assessor (QSA).