Incident Response Digital Forensics Analyst

Orange Cyberdefense

Internet, IT

Morges

  • Employment type: Full-time
  • 90,000 CHF – 108,000 CHF (estimated by XING)
  • Hybrid

About this job

Incident Response & Digital Forensics Analyst

We’re looking for an Incident Response & Digital Forensics Analyst to reinforce the local CSIRT team in Switzerland.

We are looking for a Senior DFIR Specialist to join our team in Morges. This is a high-impact role designed for a seasoned professional with extensive field experience in incident response (and digital forensics to some extent) that bridges the gap between deep technical analysis and high-stakes crisis management to ensure our findings are translated into clear and actionable business intelligence.

In this versatile role, you will be expected to lead from the front by conducting hands-on incident response and forensic investigations yourself, but also to coordinate the work of other analysts. This involves steering technical task tracking, overseeing the quality of the team’s technical delivery (from initial analysis to remediation) and ensuring that all deliverables meet the highest standards of professional excellence.

As a senior member of the team, you will also play a pivotal role in scaling and maturing our local CSIRT capabilities, helping to shape our methodologies and service evolution in Switzerland.

While not a large part of the job, the role does require a small amount of mentorship and teaching to ensure that more junior members of the team are coping with their workload.

The role will work only in the local CSIRT but will have links into the SOC and Threat Intelligence services for information sharing.

Key Responsibilities

• IR Expertise: Perform end-to-end incident response, sometimes for clients in crisis, ensuring high-quality delivery while maintaining a calm and steady presence.

• On-Call Rotation: Participate in the 24/7 on-call roster to ensure out-of-hours emergency coverage.

• Incident Coordination: Oversee task tracking and technical analysis performed by other analysts during coordinated responses.

• Digital Forensics: Conduct in-depth forensic investigations on various media and platforms, including standalone digital forensic engagements outside of live incident response.

• Reporting & Quality Control: Write and review detailed incident reports in both French and English (with a keen eye for the legal and strategic implications of every word) and ensure all client-facing documents meet the highest standards.

• Proactive Advisory: Support clients in pre-incident phases to bolster their resilience (e.g., enhancing logging, refining incident response plans and playbooks, delivering technical and executive tabletop exercises, implementing strategies to reduce MTTD/MTTR, etc.).

• Service Development: Contribute to the growth of the local CSIRT service through technical innovation, methodology improvements, and tool development.

• Pre-sales & Mentorship: Participate in pre-sales activities (e.g. proposals and presentations) and actively train/upskill junior and mid-level analysts.

Skills & experience you should bring along

• Education: Degree in IT, Computer Science, or a Cybersecurity-related field.

• Experience: Ideally 4+ years in DFIR. We are, however, open to talented profiles with less seniority who can demonstrate strong technical autonomy and hands-on expertise in the field.

• Certifications: GIAC certifications (such as GCFA, GCFR, or GNFA) are a distinct advantage.

• Communication: Strong communication skills and a high standard of report writing in both French and English (C1/C2 level). German is a significant advantage.

• Crisis Management: Proven ability to handle high-pressure situations in a productive and professional manner and ability to prioritize and action both operational and project demands.

• Business Acumen: Deep understanding of enterprise IT ecosystems, their lifecycles, and budgetary constraints.

• Technical Proficiency:

  ◦ Deep understanding of adversary tactics and attack methodologies (TTPs), which form the bedrock of any effective defensive strategy.

  ◦ Proven experience in root cause analysis and complex incident response scenarios.

  ◦ Strong understanding of networking principles and protocols (TCP/IP, DNS, SMTP, HTTP, etc.).

  ◦ Proficiency in investigating environments across Google Cloud, AWS, and Azure. Experience with Kubernetes and OpenStack would be an advantage.

  ◦ Ability to review and correlate raw log files (Firewall, Netflow, IDS, System logs).

  ◦ Malware triage capabilities to determine malicious intent and impact.

  ◦ Experience with network analysis tools would be an advantage (like Wireshark, tcpdump, Zeek or RITA).

  ◦ Solid knowledge of the requirements for legally defensible investigations and chain of custody.

  ◦ Proficiency in extracting and analysing forensic artefacts across various operating systems.

• Tooling & Automation:

  ◦ Hands-on experience with EDR/XDR solutions (such as Cortex XDR or CrowdStrike), including threat hunting and containment actions.

  ◦ Proficiency with modern acquisition and triage tools (such as KAPE, Velociraptor, or RedLine).

  ◦ Ability to automate repetitive tasks, streamline workflows, and parse data using at least one scripting language (like Python and PowerShell).

Department: Detection and Response
Role: Detection, Analysis and Response Consulting
Locations: Switzerland, Morges
Remote status: Hybrid
Employment type: Full-time
Required languages: English, French
