Incident Response Forensics Analyst (m/f/d)

Job description:

Incident Response Forensics Analyst (m/f/d)

Frankfurt, Hesse, Germany (Frankfurt or Remote Germany)

At Arctic Wolf we are redefining the cybersecurity landscape and shaping the future of security operations. Our global team of dedicated Pack members is driving innovation and setting new industry standards every day. We have earned recognition on the Forbes Cloud 100, CNBC Disruptor 50, Fortune Future 50, and Fortune Cyber 60 lists and recently took home the 2024 CRN Product of the Year award. We are proud to be named a Leader in the IDC MarketScape for Worldwide Managed Detection and Response Services and earned a Customers’ Choice distinction from Gartner Peer Insights. Our Aurora Platform also received CRN’s Product of the Year award in the inaugural Security Operations Platform category.

Responsibilities

  • Perform as an educated mid to senior‑level member of the Incident Response Forensics team and as part of the greater Arctic Wolf Incident Response team.
  • Deep understanding of full life‑cycle cyber incident investigations from end‑to‑end (triage, image, log collections and analysis, EDR deployment, securing the environment, etc.).
  • Apply technical and digital forensics expertise with the ability to analyze and identify IOCs, RPOC, vulnerabilities, threats, malware, malicious executables, etc. on Windows and Linux based systems (some macOS based system analysis experience is a plus).
  • Assist with forensic acquisition and analysis from Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP) environments.
  • Demonstrate professional experience with host‑based and network‑based digital forensics and security.
  • Conduct audits and peer review of incident reports when needed.
  • Foster information sharing and collaboration among internal forensic analysts and restoration team members.
  • Participate in weekday escalation and weekend/holiday on‑call schedules when needed.
  • Actively participate in large‑scope, high‑impact cyber incidents and support managing Incident Response workflow and activities during incident response efforts with the client.
  • Regularly communicate forensic findings and inquiries via email and calls directly with the client and/or counsel teams.
  • Demonstrate a strong work ethic, self‑starter and self‑sufficient nature while meeting tight deadlines.
  • Maintain professionalism, a positive attitude, and represent Arctic Wolf’s brand in the marketplace.
  • Apply excellent verbal and written communication skills with an emphasis on customer service.
  • Write high‑level and detailed technical and executive‑summary reports of digital forensic findings.

Qualifications

  • Advanced progression and professional experience involving direct work with incident response cyber‑incident cases involving digital forensics, data preservation, configuration troubleshooting of networks, and general IT knowledge.
  • Professional hands‑on experience with IR and forensics tools such as Magnet, Axiom, EnCase, FTK, X‑Ways, SIFT, Splunk, Redline, Volatility, Wireshark, tcpdump, and open‑source forensic tools.
  • End‑to‑end understanding of engagements and steps within the IR workflow: initial triage, collections, imaging, securing and hardening of the environment, overall security posture, restoring/rebuilding systems, and getting the client functional.
  • Can be relied upon as a trusted resource.
  • Adept with supporting Microsoft Windows workstations and applications.
  • Proficient with firewalls, VPNs, Active Directory, Group Policy, Linux and Windows systems.
  • Professional work history and experience with hypervisors including ESXi / VMware and Hyper‑V.
  • Provide well‑thought‑out findings and professional guidance, both technical and non‑technical, to help customers re‑establish business operations.
  • Excellent relationship‑management, customer‑service, and communication skills across multiple formats (written, conference calls, in‑person/virtual meetings).
  • Prior consulting experience within digital forensics or incident response.
  • Preferred: Restoration and recovery experience such as promoting new domain controllers, seizing Flexible Single Master Operations (FSMO) roles, DNS troubleshooting, rebuilding System Volumes (SYSVOL), and rebuilding Distributed File System Replication (DFSR) or File Replication Service (FRS); expertise with rebuilding and recovering Exchange systems from Server 2010 onwards; proficiency with Active Directory/Exchange administration; familiarity with the /recover server switch on setup, rebuilding virtual directories, repairing databases, and using recovery databases.
  • Passionate about technology and customers, staying current on industry trends.
  • Experience navigating networking issues related to firewalls and routers.
  • Understanding of various backup solutions (VEEAM, Datto, Barracuda, etc.).

Security Requirements

  • Conduct duties and responsibilities in accordance with AWN’s Information Security policies, standards, processes, and controls to protect the confidentiality, integrity, and availability of AWN business information (in accordance with the employee handbook and corporate policies).
  • Background checks are required for this position.
  • This position may require access to information protected under U.S. export‑control laws and regulations including the Export Administration Regulations (EAR). Please note that if applicable an offer for employment will be conditioned on authorization to receive software or technology controlled under these U.S. export‑control laws and regulations.

Ready to Make an Impact

Apply now with your resume and, if available, references or work samples. Join one of the fastest‑growing and most innovative cybersecurity companies in the world.

Equal Opportunity Employer

Arctic Wolf is an Equal Opportunity Employer and considers applicants for employment without regard to race, color, religion, sex, orientation, national origin, age, disability, genetics or any other basis forbidden under federal, provincial or local law. Arctic Wolf is committed to fostering a welcoming, accessible, respectful and inclusive environment, ensuring equal access and participation for people with disabilities. As such we strive to make our entire employee experience as accessible as possible and provide accommodations as required for candidates and employees with disabilities and/or other specific needs where possible. Please let us know if you require any accommodations by emailing.


Job information

  • Publication date: 13 Jan 2026
  • Location: WorkFromHome
  • Type: Full-time
  • Work model: On-site
  • Category:
  • Experience: 2+ years
  • Employment relationship: Employee
