Executive Principal Consultant
Posted 8 hours 16 minutes ago by NCC Group plc
Department: Cyber Services and Capabilities
Employment Type: Full Time
Location: NLD Rijswijk
To manage and service NCC Group clients within the Digital Forensics and Incident Response space.
The Principal DFIR Consultant plays a pivotal role within the team of seasoned analysts, actively participating in the analysis and response to security incidents and events. With a focus on continuous learning and collaboration, Principal consultants are adaptable to most events in challenging and dynamic situations. Through the application of deep technical skills and strong dedication to detail-oriented analysis, the Principal DFIR Consultant supports clients extensively.
The role provides line management opportunities, supporting and mentoring all team members. Additionally, the role offers cross-service internal support, reviewing collaboration and efficiencies.
Key Responsibilities
- Managing and coordinating a cohesive team, ensuring effective collaboration, clear communication, and efficient workflow throughout technical engagements.
- Responding to emergency incidents, including mitigation and remediation activities.
- Maintaining composure and effectiveness in client incident management scenarios.
- Providing clients with high-quality technical investigations.
- Collaborating in the identification, resolution, and documentation of security incidents.
- Conducting intelligence-driven investigative analysis.
- Discussing wider technology and security posture with a client, ultimately to perform cyber threat assessments.
- Ample experience in incident response, security operations or strategic security consulting.
- Strong technical knowledge, including the ability to conduct analysis in support of cyber incident response activities (including understanding of network analysis, host investigation including forensics, and malware analysis).
- Significant experience in a Digital Forensics environment.
- Experienced in the use of a case management system.
- Performing advanced host (log, OS, memory, EDR), network, and cloud system forensics, log analysis, and malware triage in support of incident response investigations.
- Experience evaluating client security controls, architecture, and operations.
- Experience crafting scripts (Perl, Python, PowerShell, Bash) and tools to further enhance incident investigative efforts.
- Experience triaging Windows and Linux hosts.
- Experience with network traffic analysis.
- Experience with log data analysis.
- Proven ability to explain technical output to a non-technical audience, including at an executive and C-suite level.
- Experience working in 24/7 environments and shifts.
- Ability to lead large-sized projects and take responsibility for analysis and reporting.
- Strong interpersonal and communication skills, including report writing and presentation skills.
- Ability to identify attacker tactics, techniques, and procedures (TTPs) and to develop indicators of compromise.
- A relevant professional certification such as CREST CPIA/CRIA/CCNIA/CCHIA or SANS GCFA/GNFA/GCIH will be preferred.
- Strong understanding of common enterprise technologies and configuration, including cloud platforms such as Azure, M365, AWS, and GCP.