Senior Digital Forensics and Incident Response Consultant in Birmingham

NTT DATA is one of the world’s largest global security service providers, partnering with some of the most recognized security technology brands. We’re looking for passionate, curious, and motivated individuals to join our team. Using your advanced expertise in digital forensics, incident response, and cyber threat investigation, you will lead complex DFIR engagements, conduct advanced forensic analysis across diverse platforms, and provide authoritative guidance during major security incidents. You will work independently on sophisticated investigations, coordinate multi-disciplinary incident response activities, and deliver expert testimony and forensic reporting while mentoring junior investigators and analysts. This position offers hybrid flexible working options. Please note, you will need to be eligible for SC clearance.

Advanced Digital Forensic Investigations

• Lead complex digital forensic investigations across Windows, Linux, macOS, mobile, and cloud platforms
• Conduct advanced disk, memory, network, and malware forensic analysis with minimal supervision
• Perform forensically sound evidence acquisition from diverse systems and environments
• Analyze complex attack chains, lateral movement, and advanced persistent threat activities
• Reconstruct incident timelines and attacker methodologies from forensic artifacts
• Provide expert forensic analysis for legal proceedings, regulatory investigations, and internal reviews

Incident Response Leadership

• Lead major incident response engagements for sophisticated cyber attacks and data breaches
• Coordinate multi-team incident response activities across technical, legal, and business stakeholders
• Perform advanced threat hunting, containment, eradication, and recovery activities
• Develop and execute incident response strategies for complex security events
• Interface with executive leadership, legal counsel, and regulatory bodies during major incidents
• Conduct post-incident reviews and develop remediation roadmaps

Malware Analysis and Reverse Engineering

• Conduct static and dynamic malware analysis on sophisticated threats and custom malware
• Perform reverse engineering of malicious code to understand capabilities and attribution
• Analyze exploitation techniques, persistence mechanisms, and command and control infrastructure
• Develop indicators of compromise (IOCs) and detection signatures from malware analysis
• Document malware behavior, capabilities, and remediation procedures
• Contribute to threat intelligence with malware analysis findings and IOCs

Cloud and Container Forensics

• Lead forensic investigations in cloud environments including AWS, Azure, and GCP
• Conduct container and Kubernetes forensic analysis for cloud-native incidents
• Analyze cloud logs, API calls, and identity activity for security investigations
• Perform forensic acquisition and analysis of cloud workloads and serverless environments
• Investigate cloud-specific attack vectors including misconfigurations and identity compromise
• Develop cloud forensic methodologies and investigation playbooks

Threat Intelligence and Attribution Analysis

• Analyze threat actor tactics, techniques, and procedures (TTPs) using MITRE ATT&CK framework
• Conduct threat attribution analysis based on forensic artifacts and intelligence sources
• Correlate internal incident data with external threat intelligence feeds
• Identify advanced persistent threat campaigns and targeted attack patterns
• Develop tactical and strategic threat intelligence from investigation findings
• Share threat intelligence with industry partners and information sharing communities

Expert Witness and Legal Support

• Provide expert witness testimony in legal proceedings and regulatory investigations
• Prepare forensic reports meeting legal and regulatory evidentiary standards
• Work with legal teams on e-discovery, litigation support, and regulatory response
• Maintain chain of custody and forensic integrity throughout investigations
• Present technical findings to non-technical audiences including courts and regulators
• Support law enforcement and regulatory agencies with cyber investigations

Advanced Digital Forensics Expertise

• Mastery of forensic analysis across multiple operating systems (Windows, Linux, macOS, mobile)
• Expert knowledge of disk forensics, file system analysis, and data recovery techniques
• Advanced memory forensics and volatile data analysis capabilities
• Deep understanding of network forensics and packet analysis for investigations
• Comprehensive knowledge of cloud forensics and container investigation techniques

Forensic Tools and Platforms

• Memory forensics: Volatility, Rekall, WinDbg, memory imaging tools
• Network forensics: Wireshark, NetworkMiner, Zeek, tcpdump, packet analysis
• Malware analysis: IDA Pro, Ghidra, OllyDbg, x64dbg, Cuckoo Sandbox, REMnux
• Mobile forensics: Cellebrite, Magnet AXIOM, iOS and Android forensic tools

Incident Response and Threat Hunting

• SIEM and logging: Splunk, ELK Stack, Azure Sentinel, log analysis and correlation
• Threat hunting: YARA rules, Sigma rules, threat hunting frameworks and methodologies

Incident Management and Communication

• Senior-level communication with executives, legal teams, and regulatory bodies
• Crisis management and calm leadership during high-pressure security incidents
• Ability to translate complex technical findings into business impact assessments
• Coordination of cross-functional teams during major incident response
• Presentation skills for delivering findings to diverse stakeholder audiences

Certifications Required

• GCFA (GIAC Certified Forensic Analyst) or GCFE (GIAC Certified Forensic Examiner) - Mandatory
• GREM (GIAC Reverse Engineering Malware) or CHFI (Computer Hacking Forensic Investigator) - Preferred
• GCIH (GIAC Certified Incident Handler) or ECIH (EC-Council Certified Incident Handler) - Preferred
• EnCE (EnCase Certified Examiner) or vendor forensic tool certification - Beneficial
• Eligible: UK SC security clearance (DV clearance advantageous)

Education

• Bachelor’s degree in Computer Science, Digital Forensics, Cybersecurity, Computer Engineering, or related field
• Master’s degree in Digital Forensics or Cybersecurity preferred
• Advanced professional certifications in digital forensics and incident response

Experience

• 6+ years of progressive experience in digital forensics, incident response, or cyber investigations
• 3+ years leading complex forensic investigations and major incident response engagements
• Proven track record conducting forensic analysis for legal proceedings or regulatory investigations
• Experience with advanced threat actors, APT investigations, or nation-state incidents
• Hands-on expertise with enterprise EDR, SIEM, and forensic analysis platforms

Strategic Responsibilities

• Lead major incident response operations and forensic investigations
• Develop forensic methodologies and incident response playbooks
• Provide expert guidance during crisis situations and security breaches

Who we are

We’re a business with a global reach that empowers local teams, and we undertake hugely exciting work that is genuinely changing the world. Our advanced portfolio of consulting, applications, business process, cloud, and infrastructure services will allow you to achieve great things by working with brilliant colleagues and clients on exciting projects.

Inclusion

Our inclusive work environment prioritises mutual respect, accountability, and continuous learning for all our people. This approach fosters collaboration, well-being, growth, and agility, leading to a more diverse, innovative, and competitive organisation. We are also proud to share that we have a range of Inclusion Networks such as: the Women’s Business Network, Cultural and Ethnicity Network, LGBTQ+ & Allies Network, Neurodiversity Network and the Parent Network.

What we’ll offer you

We offer a range of tailored benefits that support your physical, emotional, and financial wellbeing. Our Learning and Development team ensure that there are continuous growth and development opportunities for our people. We also offer the opportunity to have flexible work options.

Equal Opportunity Statement

We are an equal opportunities employer. We believe in the fair treatment of all our employees and commit to promoting equity and diversity in our employment practices. We are also a proud Disability Confident Committed Employer – we are committed to creating a diverse and inclusive workforce. We actively collaborate with individuals who have disabilities and long-term health conditions which have an effect on their ability to do normal daily activities, ensuring that barriers are eliminated when it comes to employment opportunities. In line with our commitment, we guarantee an interview to applicants who declare to us, during the application process, that they have a disability and meet the minimum requirements for the role. If you require any reasonable adjustments during the recruitment process, please let us know. Join us in building a truly diverse and empowered team.