Posted on 20 Nov 2025
At WithSecure™, we protect businesses all over the world. Our SaaS solutions safeguard against modern cyber threats, and our innovative Co-security approach reflects our belief that true protection requires collaboration and shared expertise. No one can solve every cyber security problem alone. Our vision is to become Europe’s flagship in cyber security. Every day, our talented teams work to prevent cyber extortion, secure critical infrastructure, and prevent misuse of sensitive data. At WithSecure, it’s our people who make us exceptional – a diverse community that values passion, purpose, and a commitment to workplace well-being. If you’re ready to make an impact with a company that’s transforming cybersecurity, we’d love to hear from you.
What You’ll Do
You will serve as the senior authority during cyber incidents, driving the technical direction of investigations, managing client relationships, and ensuring consistent, high-quality delivery of IR engagements. This position requires a rare blend of hands-on forensics expertise, strategic incident management, and leadership capability to guide both internal teams and external clients through the most critical moments of a breach.
Technical Leadership & Investigation
· Lead and conduct advanced forensic investigations across on-premise, endpoint, and cloud environments, including evidence preservation, acquisition, and deep-dive analysis.
· Perform end-to-end IR engagements — from initial triage to containment, eradication, and recovery — ensuring technical accuracy and timeliness under pressure.
· Analyze volatile memory, disk images, logs, and network artifacts to reconstruct attacker activity, identify root causes, and support attribution efforts.
· Develop and refine IR methodologies, tools, and procedures to ensure consistent, high-quality investigative outcomes.
· Perform reverse engineering or static/dynamic malware analysis when necessary to identify persistence mechanisms, IOCs, and attack chains.
· Lead incident scoping calls and technical briefings with clients to define engagement objectives, data sources, and investigation timelines.
· Oversee the creation of comprehensive, technically detailed IR and forensic reports, including executive summaries and evidential documentation suitable for legal contexts.
Team & Client Leadership
· Manage and mentor a team of incident responders and forensic analysts, fostering skill growth, collaboration, and operational excellence.
· Act as the escalation point for critical investigations, ensuring alignment between technical, operational, and business objectives.
· Engage directly with clients during high-impact incidents, providing expert guidance and technical clarity in high-stress situations.
· Collaborate with sales and delivery teams on scoping, pricing, and project management aspects of IR engagements, ensuring commercial success and client satisfaction.
Innovation & Continuous Improvement
· Evaluate and implement new forensic and IR technologies, integrating automation and advanced analytics where appropriate.
· Stay ahead of emerging attack vectors, digital evidence sources, and evolving adversary tactics.
· Contribute to knowledge sharing, post-incident reviews, and lessons-learned exercises to enhance team maturity and client resilience.
Required Skills & Experience
· 7+ years of hands-on experience in Incident Response and Digital Forensics, including direct involvement in complex, high-severity cyber incidents.
· Proven experience in leading or managing IR/Forensics teams, ideally in a consulting or client-facing environment.
· Expert knowledge of forensic acquisition and analysis techniques for Windows, Linux, macOS, mobile, and cloud platforms.
· Deep understanding of operating system internals, file systems, memory structures, and log analysis.
· Strong knowledge of malware analysis, threat actor TTPs, and frameworks like MITRE ATT&CK.
· Demonstrated experience handling investigations involving ransomware, insider threats, data breaches, and targeted intrusions.
What You’ll Get from Us
· Competitive remuneration (plus overtime and on-call allowances)
· Research time
· Fully funded certifications
· The opportunity to lead investigations into some of the most significant cyber incidents globally.
· Client variety: work across technologies, sectors and industries, tackling diverse and challenging cases.