International Digital Forensics and Incident Response (DFIR) Expert in Reading

Mastek is seeking an experienced DFIR Expert to support global cyber resilience programmes—helping clients prepare for, respond to, and recover from sophisticated cyber incidents. This is a critical role for professionals who thrive in high-pressure environments, combining hands-on incident response, forensic investigation, and resilience improvement. The International DFIR Expert will provide specialist capability across digital forensics, incident response and cyber incident management for international cyber resilience engagements. The role supports clients in preparing for, responding to, investigating and recovering from cyber incidents, while improving resilience, reducing operational impact and strengthening future defensive capability.

Key responsibilities

• Lead or support end-to-end incident response activities, from triage and containment through investigation, recovery and lessons learned.
• Conduct or support digital forensic examinations across endpoints, servers, cloud platforms and enterprise systems in line with forensic principles and evidential handling requirements.
• Develop, review and improve incident response plans, escalation routes, playbooks, tabletop exercises and crisis procedures.
• Investigate cyber incidents including unauthorised access, malware, insider activity, data compromise and operational disruption events.
• Produce clear incident reports, technical findings, root cause analysis and remediation recommendations for technical and non-technical stakeholders.
• Support resilience improvement by identifying control weaknesses, improving playbooks, influencing tooling and recommending post-incident hardening measures.
• Work closely with security operations, engineering, legal, risk and client leadership teams during high-pressure incident situations.
• Support threat hunting, detection improvement and maturity development for incident response and forensic capability.

Essential qualifications and experience

• Degree in Cyber Security, Digital Forensics, Computer Science, Information Security or a related discipline.
• Strong hands-on experience in digital forensics, incident response, cyber investigations or advanced security operations.
• Experience handling security incidents across enterprise or cloud environments and producing high-quality investigation outputs.
• Good understanding of forensic processes, evidential integrity, attacker techniques and post-incident recovery.
• Strong analytical, technical writing and stakeholder communication skills.
• Ability to operate calmly and credibly during high-severity incidents.

Desirable certifications

• GCIH, GCFA, GNFA, GDAT, CHFI, CREST-aligned certifications, CISSP, CISM or equivalent DFIR / incident response qualifications.
• Experience with forensic and investigation tools such as EnCase, FTK, Autopsy, Volatility, Wireshark, SIEM / EDR / XDR platforms and scripting in Python, PowerShell or Bash.
• Knowledge of cyber incident planning, operational resilience and business continuity practices.

Security and suitability requirements

• Must be eligible for BPSS as a minimum; CTC or SC eligibility highly desirable for government and secure environments.
• Must be able to handle sensitive and potentially evidential material professionally and in line with policy.
• Willingness to travel internationally where required and support culturally sensitive client engagements.

Why Join Mastek: Make a Difference That Matters

Mastek is a purpose-driven organisation where the work you do makes a real difference, particularly across the public and health sectors. You’ll have the opportunity to work on complex, meaningful programmes that impact communities and improve public services. We offer a collaborative and supportive working environment that encourages innovation, learning, and professional growth. At Mastek, people are trusted to contribute ideas, challenge thinking, and work together to deliver the best outcomes. We value diversity and believe that different experiences, backgrounds, and perspectives lead to better solutions. Even if you don’t meet every requirement, we encourage you to apply — your skills and experiences may be exactly what we are looking for. Mastek is an equal opportunities employer and is committed to building an inclusive and diverse workforce. We welcome applications from all suitably qualified candidates, regardless of age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race, religion or belief, sex, or sexual orientation. If you require any reasonable adjustments or additional support during the recruitment process, please let us know.