Executive Principal Consultant

Department: Cyber Services and Capabilities

Location: NLD Rijswijk

Description

To manage and service NCC Group clients within the Digital Forensics and Incident Response space. The Principal DFIR Consultant plays a pivotal role within the team of seasoned analysts, actively participating in the analysis and response to security incidents and events. With a focus on continuous learning and collaboration the Principal’s are adaptable to most events in challenging and dynamic situations. Through the application of deep technical skills and a strong dedication to detail-oriented analysis the Principal DFIR Consultant plays an extensive role supporting clients. The Role will carry Line Management opportunities and be able to support and mentor all team members. Additionally, the role carries internal cross-service support reviewing collaboration and efficiencies.

Key Responsibilities

• Managing and coordinating a cohesive team, ensuring effective collaboration, clear communication, and efficient workflow throughout technical engagements.
• Responding to emergency incidents, including mitigation and remediation activities.
• Maintaining composure and effectiveness in client Incident Management scenarios.
• Providing clients with high-quality technical investigations.
• Collaborating in the identification, resolution, and documentation of security incidents.
• Conducting intelligence-driven investigative analysis.
• The ability to discuss wider technology and security posture with a client ultimately to perform Cyber Threat assessments.

Skills, Knowledge & Expertise

• Ample experience in incident response, security operations or strategic security consulting.
• Strong technical knowledge, including the ability to conduct analysis in support of cyber incident response activities (including network analysis, host investigation including forensics, malware analysis).
• Significant experience in a Digital Forensics environment.
• Experienced in the use of a case management system.
• Perform advanced host (Log, OS, memory, EDR) network, and cloud system forensics, log analysis, and malware triage in support of incident response investigations.
• Experience evaluating client security controls, architecture, and operations.
• Experience crafting scripts (Perl, python, PowerShell, bash) and tools to further enhance incident investigative efforts.
• Experience triaging Windows and Linux hosts.
• Experience with Network Traffic Analysis.
• Experience with Log Data Analysis.
• Proven ability to explain technical output to a non-technical audience, including at an executive and C‑Suite level.
• Experience working in 24x7 environments and turns.
• Ability to lead large sized projects as a lead and take responsibility for analysis and reporting.
• Strong interpersonal and communication skills, including report-writing and presentation skills.
• The ability to identify attacker Tactics, Techniques and procedures (TTPs) and to develop indicators of compromise.
• A relevant professional certification such as CREST CPIA/CRIA/CCNIA/CCHIA or SANS GCFA/GNFA/GCIH will be preferred.
• Strong understanding of common enterprise technologies and configuration, including cloud platforms such as Azure, M365, AWS and GCP.

Job Benefits

Our colleagues are our greatest asset, and NCC Group is committed to providing an inclusive and supportive work environment that fosters creativity, collaboration, authenticity, and accountability. We offer a comprehensive benefits package, as well as opportunities for learning and development and career growth. We believe our people are at their brilliant best when they feel bolstered in all aspects of their well‑being, and we offer wellness programs and flexible working arrangements to provide that vital support.

Equal Opportunity

We are committed to diversity and flexibility in the workplace. If you require any reasonable adjustments to support you during the application process, please tell us at any stage. Please note that this role involves mandatory pre‑employment background checks due to the nature of the work NCC Group does. To apply, you must be willing and able to undergo the vetting process.