Forensic Analyst

Our client, a lead IT Service Integrator, is looking for a Freelance Dutch-speaking Cyber Security Incident Manager.

The Role:

As a Forensic Expert (DFIR), you are the linchpin during cyber incidents. You are (or are developing into) a substantive DFIR specialist who understands how to secure, investigate and responsibly report forensic evidence. You will work with other forensic experts and recovery specialists, negotiators and will be the permanent point of contact for the customer throughout the entire incident. You will translate technical findings into impact, risks and decisions, and ensure that the correct containment and recovery measures are taken in a timely manner. You will contribute to the further professionalisation of our DFIR services (including IR readiness, playbooks and automation) or be deployed as a cybersecurity consultant. Managing and (where necessary) conducting digital forensic investigations with a focus on integrity (chain of custody, hashing, reproducibility) Executing and monitoring initial communication, escalations and war room management Scoping and evidence collection at scale with Velociraptor (hunts/flows, artefact collection, endpoint triage) Deploying CedarPdelta for consistent triage/collection workflows and evidence packages Supervising forensic investigations, containment, eradication and recovery in collaboration with specialists Preparing clear progress reports, impact analyses and decision points for customers and stakeholder

Leading and coordinating cyber incidents from triage to aftercare (triage → scope → containment → eradication → recovery → lessons learned) Documenting actions, findings and decisions per incident phase (including incident log) Supporting legal reporting obligations (including NIS2, GDPR, WBNI) in collaboration with Legal/Privacy Managing/supervising post-incident reviews, root cause analyses and improvement measures Contributing to the improvement of scripts, tooling, automation and response readiness Providing or supporting training courses and tabletop exercises for customers

Required Skills:

Demonstrable experience with digital forensic investigation (endpoint/server and preferably also cloud/logging) Demonstrable experience with DFIR tooling : Velociraptor

(hunts, artifact-based collection, scoping) -

OR comparable. Demonstrable experience in incident response/management and cybersecurity operations Strong communication skills, stress resistance and ability to manage under pressure Provide incident response on location. Analytical, decisive and organisationally sensitive (switches between detail and overview) Affinity with recovery work and collaboration with recovery/IT teams

Nice to have : CedarPdelta (triage/collection, workflow-based evidence gathering) Knowledge of legislation and regulations (GDPR, NIS2, WBNI) is a strong advantage (demonstrable experience) Preferred: experience with scripting/automation (e.g. PowerShell/Python) and working according to MITRE ATT&CK

Language requirements: Dutch

Location: This project can be delivered from Amstelveen or Eindhoven, with up to 90% remote working.