Defend (Services)

DFIR Consultant

To start as soon as possible, full-time in Berlin





Working time: Full time



The Job

Does that get you up in the morning?

  • Conduct digital forensic investigations and support operations in compliance with applicable laws and client policies as part of incident response projects
  • Resolve ad hoc programming issues using pragmatic approaches
  • Lead technical projects and initiatives, with various stakeholders, to derive necessary actions, assess risks and constraints
  • Resolve issues and support cross-organizational efforts
  • Make recommendations to overcome future technical obstacles
  • Help customers understand complicated, technical circumstances
  • Document investigation steps and retention, e.g., processes and procedures (collection, processing, and analysis)


What we’re looking for

  • Completed relevant technical training with at least 5 years of SOC or Incident Response (DFIR) experience.
  • Experience with:
      • Windows and Linux forensics
      • File system and storage forensics
      • THOR log analysis
      • Current IR tools, e.g. ELK, Plaso, Timesketch, GRR, THOR
      • Linux (CLI) and scripting
  • Experience with Advanced Persistent Threats and their TTPs (especially lateral movement).
  • Support of Ransomware victims
  • Remediation consulting, planning & execution
  • Willingness to travel
  • German language skills at B2 level and English language skills at C1 level