IT ADVANCED CONSULTING SA
Morges
Senior Analyst in Incident Response and Digital Forensics (DFIR)
- 16 March 2026
- 100%
- Permanent position
- Morges
Job summary
Join our team in Switzerland as a Senior Analyst in Digital Forensics! It's a chance to tackle complex security incidents in a dynamic work environment.
Tasks
- Lead comprehensive investigations during security incidents in enterprises.
- Identify the origins, scope, and impact of compromises.
- Guide remediation and containment actions in sensitive situations.
Skills
- Degree in IT, cybersecurity, or a related field is required.
- Strong understanding of enterprise IT architectures and complex environments.
- Excellent command of French and English, both written and spoken.
About the job
To strengthen our incident response team based in Switzerland, we are looking for a Senior Analyst specialized in Digital Forensics and Incident Response (DFIR). The position is located in Morges and is aimed at an experienced professional capable of handling complex security incidents while providing strategic insight to client organizations.
This role combines advanced technical expertise, operational coordination, and management of critical situations. The candidate will directly participate in technical investigations while supervising the activities of other analysts during interventions.
Alongside operational activities, the position contributes to the development of the local CSIRT's capabilities, improving intervention methods, and evolving the services offered.
- Conduct comprehensive investigations during security incidents affecting enterprise environments.
- Identify the origin, scope, and impact of compromises.
- Define and support remediation and containment actions.
- Intervene in sensitive or critical contexts requiring responsiveness and composure.
- Lead analysis activities carried out by analysts during multi-stakeholder interventions.
- Monitor task progress and ensure the coherence of investigations.
- Ensure the technical quality of analyses and recommendations produced.
- Perform in-depth analyses on various digital media and systems.
- Collect and analyze artifacts from systems, networks, or cloud environments.
- Also engage in digital forensic missions independent of active incidents.
- Write and validate detailed technical reports intended for clients.
- Produce deliverables usable by technical and decision-making audiences.
- Ensure the accuracy of language used, especially in contexts that may have legal implications.
- Participate in preventive activities aimed at improving incident detection and response capabilities.
- Contribute to the improvement of logging systems, response procedures, and crisis management plans.
- Conduct simulation exercises for technical incidents or crises.
- Participate in the evolution of investigation methods and internal tools.
- Contribute to the structuring and operational maturity of the local CSIRT.
- Identify areas for improvement in detection and response.
- Provide technical support during proposals or presentations to clients.
- Participate in the skill development of junior analysts through experience sharing and training.
- Take part in the on-call system to respond to critical incidents outside working hours.
- Degree in computer science, cybersecurity, or equivalent technical field.
- Significant experience in incident response and digital investigations.
- About 4 years or more of DFIR experience is appreciated, but profiles demonstrating strong technical autonomy may be considered.
- Specialized certifications in forensic or incident response (e.g., GIAC GCFA, GCFR, GNFA) are an advantage.
- Excellent command of French and English, both written and spoken.
- Knowledge of German is a plus.
- Good knowledge of attack techniques and methods used by adversaries.
- Ability to conduct in-depth analyses to identify the causes of an incident.
- Solid understanding of enterprise IT architectures and complex environments.
- Mastery of common network protocols (TCP/IP, DNS, HTTP, SMTP, etc.).
- Analysis and correlation of technical logs from various sources (firewalls, NetFlow, IDS, system logs).
- Knowledge of malware analysis principles.
- Experience analyzing public cloud environments (Google Cloud, AWS, Azure).
- Familiarity with Kubernetes or OpenStack is an additional asset.
- Use of network analysis tools such as Wireshark, tcpdump, Zeek, or RITA.
- Ability to extract and analyze forensic artifacts on different operating systems.
- Knowledge of legal requirements related to digital investigations and evidence management.
- Operational use of EDR/XDR solutions for detection, investigation, and incident response.
- Mastery of forensic acquisition and triage tools (e.g., KAPE, Velociraptor, RedLine).
- Ability to automate technical tasks and analyze data via scripts (Python, PowerShell, or equivalent).