For a leading provider in the cybersecurity field, we are hiring, effective immediately, for a permanent position:
DFIR Specialist (m/f/d) – Germany
Responsibilities:
- Investigation of cyberattacks: Identify, analyze, and document cybersecurity incidents
- Digital evidence preservation & artifact analysis: Forensically secure systems and data carriers (e.g., hard drives, SSDs) and systematically examine recovered artifacts to reconstruct the course of events
- Log and network forensics: Evaluate and correlate logs (servers, network devices, endpoints) and analyze network traffic (e.g., PCAP analysis) to reconstruct attack chains
- Analysis tools & methods: Use and further develop forensic tools (e.g., FTK, Volatility, EZ Tools, KAPE, THOR) as well as custom scripts (Python, PowerShell, etc.)
- Malware reverse engineering: Analyze malware to identify behavior, functionality, and infection mechanisms
- Threat research: Identify and analyze current threat landscapes in the areas of cybercrime, APTs, and attack techniques
- Collaboration & client advisory: Work closely with incident response teams, Security Operations Centers (SOC), IT departments, and external partners (e.g., law enforcement, legal departments). Advise on preventive measures and remediation of vulnerabilities
- Continuous improvement & training: Evaluate and introduce new forensic tools and technologies, optimize existing processes, and conduct workshops and training for colleagues and clients
Qualifications:
- Education: Degree in computer science, IT security, forensics, cybersecurity, or comparable qualifications (e.g., certifications, relevant experience)
- Experience: Several years of hands-on experience in IT forensics, incident response, or similar fields; ideally with knowledge across different environments (Windows, Linux, Mac, network, cloud)
- Expertise: Network protocols, log formats, and network forensics; analysis of images and emails (triage); working with threat intelligence and IOCs
- Tools: FTK, Volatility, EZ Tools, KAPE, Nextron ASGARD/THOR
- Scripting: Python, PowerShell, YARA, SIGMA
- Certifications (a plus): GCFA, GCFE, GCIH, GREM or comparable
- Analytical skills: Structured work style, attention to detail, and persistence in complex investigations
- Communication: Very good German (C1) and English (B2); ability to explain technical topics clearly; team-oriented working style
Job Type: Permanent
Industry: Digital Transformation
Job Title: DFIR Specialist (m/f/d) – Germany
Job Location: Remote
