Senior Digital Forensics and Incident Response Consultant
This position is hybrid, with flexible working options.
Please note, you will need to be eligible for SC clearance.
NTT DATA is one of the world's largest global security service providers, partnering with some of the most recognized security technology brands. We're looking for passionate, curious, and motivated individuals to join our team.
Using your advanced expertise in digital forensics, incident response, and cyber threat investigation, you will lead complex DFIR engagements, conduct advanced forensic analysis across diverse platforms, and provide authoritative guidance during major security incidents. You will work independently on sophisticated investigations, coordinate multi-disciplinary incident response activities, and deliver expert testimony and forensic reporting while mentoring junior investigators and analysts.
What you'll be doing:
Lead complex digital forensic investigations and major incident response engagements. Conduct advanced forensic analysis, coordinate multi-disciplinary IR activities, provide expert testimony, and mentor junior investigators.
KEY RESPONSIBILITIES
Forensic Investigations & Incident Response
- Lead complex forensic investigations across Windows, Linux, macOS, mobile, and cloud platforms
- Conduct advanced disk, memory, network, and malware forensic analysis
- Lead major IR engagements for sophisticated cyber-attacks and data breaches
- Coordinate multi-team IR activities across technical, legal, and business stakeholders
- Perform threat hunting, containment, eradication, and recovery activities
- Reconstruct attack chains, lateral movement, and APT activities
Malware Analysis & Cloud Forensics
- Conduct static/dynamic malware analysis and reverse engineering
- Lead forensic investigations in AWS, Azure, and GCP environments
- Analyze cloud logs, API calls, and container/Kubernetes incidents
- Develop IOCs and detection signatures
Expert Witness & Legal Support
- Provide expert witness testimony in legal proceedings
- Prepare forensic reports meeting legal and evidentiary standards
- Work with legal teams on e-discovery and regulatory response
- Maintain chain of custody and forensic integrity
Threat Intelligence
- Analyze threat actor TTPs using MITRE ATT&CK framework
- Conduct threat attribution analysis and identify APT campaigns
What experience you'll bring:
Experience: 6+ years in digital forensics/incident response | 3+ years leading complex investigations and major IR engagements | APT or nation-state incident experience
Technical Expertise
- Forensics: EnCase, FTK, X-Ways, Autopsy, Volatility, Wireshark
- Malware: IDA Pro, Ghidra, Cuckoo Sandbox, REMnux
- Mobile: Cellebrite, Magnet AXIOM
- EDR: CrowdStrike, Carbon Black, Microsoft Defender, SentinelOne
- SIEM: Splunk, ELK Stack, Azure Sentinel
- IR Tools: Velociraptor, KAPE, GRR Rapid Response
- Cloud: AWS CloudTrail, Azure Monitor, GCP Cloud Logging
- Deep Knowledge: Windows internals, file systems (NTFS, ext4, APFS), malware techniques, cloud forensics
Mandatory Certification: GCFA or GCFE
Preferred: GREM, CHFI, GCIH, ECIH, or EnCE
KEY COMPETENCIES
Senior-level communication with executives, legal teams, and regulators | Crisis management during high-pressure incidents | Independent problem-solving | Mentoring junior analysts