The Role
The Principal DFIR Consultant manages a team, responds to incidents, conducts investigations, and provides high-quality technical analysis for clients in the Digital Forensics and Incident Response space.
Summary Generated by Built In
To manage and service NCC Group clients within the Digital Forensics and Incident Response space.
The Principal DFIR Consultant plays a pivotal role within the team of seasoned analysts, actively participating in the analysis, and response to security incidents and events. With a focus on continuous learning and collaboration the Principal’s are adaptable to most events in challenging and dynamic situations. Through the application of deep technical skills and a strong dedication to detail-oriented analysis the Principal DFIR Consultant plays an extensive role supporting clients.
The Role will carry Line Management opportunities and able to support and mentor all team members. Additionally, the role carries internal cross service support reviewing collaboration and efficiencies.
Key Responsibilities
- Managing and coordinating a cohesive team, ensuring effective collaboration, clear communication, and efficient workflow throughout technical engagements.
- Responding to emergency incidents, including mitigation and remediation activities.
- Maintaining composure and effectiveness in client Incident Management scenarios.
- Providing clients with high-quality technical investigations.
- Collaborating in the identification, resolution, and documentation of security incidents.
- Conducting intelligence-driven investigative analysis.
- The ability to discuss wider technology and security posture with a client ultimately to perform Cyber Threat assessments.
Skills, Knowledge & Expertise
- Ample experience in incident response, security operations or strategic security consulting.
- Strong technical knowledge, including the ability to conduct analysis in support of cyber incident response activities (to include an understanding of network analysis, host investigation including forensics, malware analysis).
- Significant experience in a Digital Forensics environment.
- Experienced in the use of a case management system.
- Perform advanced host (Log, OS, memory, EDR) network, and cloud system forensics, log analysis, and malware triage in support of incident response investigations.
- Experience evaluating client security controls, architecture, and operations.
- Experience crafting scripts (Perl, python, PowerShell, bash) and tools to further enhance incident investigative efforts.
- Experience triaging Windows and Linux hosts.
- Experience with Network Traffic Analysis.
- Experience with Log Data Analysis.
- Proven ability to explain technical output to a non-technical audience, including at an executive and C-Suite level.
- Experience working in 24x7 environments and turns.
- Ability to lead large sized projects as a lead and take responsibility for analysis and reporting.
- Strong interpersonal and communication skills, including report-writing and presentation skills.
- The ability to identify attacker Tactics, Techniques and procedures (TTPs) and to develop indicators of compromise.
- A relevant professional certification such as CREST CPIA/CRIA/CCNIA/CCHIA or SANS GCFA/GNFA/GCIH will be preferred.
- Strong understanding of common enterprise technologies and configuration, including could platforms such as Azure, M365, AWS and GCP.
Why NCC Group?
At NCC Group, our mission is to create a more secure digital future. That mission underpins everything we do, from our work with our incredible clients to groundbreaking research shaping our industry. Our teams' partner with clients across a multitude of industries, delving into, securing new products, and emerging technologies, as well as solving complex security problems. As global leaders in cyber and escrow, NCC Group is a people-powered business seeking the next group of brilliant minds to join our ranks.
Our colleagues are our greatest asset, and NCC Group is committed to providing an inclusive and supportive work environment that fosters creativity, collaboration, authenticity, and accountability. We want colleagues to put down roots at NCC Group, and we offer a comprehensive benefits package, as well as opportunities for learning and development and career growth. We believe our people are at their brilliant best when they feel bolstered in all aspects of their well-being, and we offer wellness programs and flexible working arrangements to provide that vital support.
Our mission in the Digital Forensics and Incident Response Team is to be recognized by clients, analyst and partners as world-class player.
Our vision:
- A trusted advisor at the juncture of cyber and legal, we are a global team of experts with local presence.
- We help you understand and mitigate threats, from external or internal sources.
- We are there when you need us the most. We help you navigate complex issues often under pressure of time: identifying, preserving, processing and examining digital evidence.
- We use technology and insights to discover, analyze and present facts.
Our advice is unbiased. Our reports are concise.
About
We assess, develop and manage cyber threats across our increasingly connected society. We advise global technology, manufacturers, financial institutions, critical national infrastructure providers, retailers and governments on the best way to keep businesses, software and personal data safe.With our knowledge, experience and global footprint, we are best placed to help businesses identify, assess, mitigate & respond to the risks they face.We are passionate about making the Internet safer and revolutionising the way in which organisations think about cyber security.Headquartered in Manchester, UK, with over 35 offices across the world, NCC Group employs more than 2,000 people and is a trusted advisor to 15,000 clients worldwide.
Skills Required
- Experience in incident response, security operations or strategic security consulting
- Strong technical knowledge in cyber incident response activities
- Experience in a Digital Forensics environment
- Experience with case management systems
- Perform advanced cloud system forensics and log analysis
- Experience evaluating client security controls and architecture
- Experience crafting scripts and tools for investigations
- Experience triaging Windows and Linux hosts
- Experience with Network and Log Traffic Analysis
- Ability to explain technical output to non-technical audiences
- Experience working in 24x7 environments
- Ability to lead large projects and reporting
- Strong interpersonal and communication skills
- Ability to identify attacker Tactics and Techniques
- A relevant professional certification such as CREST or SANS
- Strong understanding of common enterprise technologies
Am I A Good Fit?
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.
Success! Refresh the page to see how your skills align with this role.
The Company
What We Do
NCC Group is a global cyber security and resilience company that helps organizations manage risk, strengthen resilience, and build trust. They provide services in cyber security consulting, managed services, technical assurance, and software escrow.
