Incident Response / Forensic Analyst (optional Ransomware Responder) 

Incident Response/Forensic Analyst (optional Ransomware Responder)

Amsterdam, Netherlands
April 2018

Kivu Consulting is a leading US computer forensics and investigations firm, with an office in Amsterdam. We seek an experienced cyber investigator to join Kivu’s incident response/ data breach team. While the position will be based the Netherlands, the position will work closely with analysts based in Kivu’s US and Canada offices.  More details about Kivu can be found at www.kivuconsulting.com.

Our team of experts covers a wide range of assignments, including:

• Analyzing data breaches, determining the cause and extent of data loss, and advising on immediate and long-term remediation;

• Briefing and/ or testifying before regulators and law enforcement on breach response and best practices;

• Handling complex computer forensics investigations and providing expert witness testimony in theft of trade secret cases, employee malfeasance, and DOJ/ FTC actions;

• Providing network and IT systems audits, and advising on improving IT security.

The Forensic position will cover a wide area of assignments and forensic tasks, including:

• Analyzing data breaches in Europe and North America, provide forensic support to Kivu’s teams in Europe and North America in determining the cause and extent of data loss, and provide feedback to Kivu case managers.

• Writing detailed forensic reports in Dutch or English and updating Kivu case managers.

• Carrying out forensic research on new types of attacks.

• Constantly seeking ways to improve Kivu’s current forensic and data breach procedures.

The right candidate will be obsessed with accuracy but still able to get relevant results to clients ahead of schedule; be able to triage multiple cases; and function in a highly confidential environment.

The position requires being part of a team and interacting remotely with Kivu’s analysts in the US and Canada. By the nature of Incident Response, the work often takes place outside normal working hours and onsite at client premises.  The right candidate will also play an active role in business strategy and long-term development of Kvu in Europe.

Ransomware Response

Kivu is the leading forensics firm responding to ransomware attacks. The right candidate will have the chance to work with Kivu’s ransomware response team and develop some or all of the following skills:

• Negotiating with attackers

• Malware analysis

• Providing advice to organizations on remediation and data recovery

• Advising on ransom payments using cryptocurrencies

Requirements:

1. At least 2 years’ professional experience in forensics, network/cyber investigations, incident response or related InfoSec experience

2. Working knowledge of forensic tools (e.g. Encase, FTK)

3. Experience with Unix, Linux, Mac, and Windows systems a plus, and an admin level understanding of networking, firewalls, and the various protocols involved in data sharing and communications

4. Working knowledge of current data collection, storage, and chain of custody best practices

5. Excellent reporting skills (both written and verbal – Dutch and English)

6. Experience presenting findings and recommendations to C-level executives, law enforcement, and outside counsel

The following experience, while not required, would be strong bonuses:

1. At least one of the following certifications (or equivalent): GIAC Certified Incident Handler (GCIH); GIAC Certified Intrusion Analyst (GCIA); GIAC Reverse Engineering Malware (GREM); GIAC Certified Forensic Analyst (GCFA); GIAC Certified Forensic Examiner (GCFE); Encase Certified Examiner (EnCE)

2. Internet investigations and experience with the Dark Web

3. Experience with forensic analysis of Mac operating system devices and cellphones

4. A working knowledge of European languages in addition to Dutch and English

5. Working in a regulated sector (e.g. healthcare/ finance/PCI/ law enforcement)

6. Advanced working knowledge of network monitoring tools

7. Investigating/ analyzing security breaches in cloud storage and databases

8. Budgeting and executing IT risk assessments and security audits

9. Data center / Server room experience

10. Experience presenting at conferences or at business development meetings

11. Malware reverse engineering skills, including the ability to read assembly code and determine its operability with common operating systems, and the ability to use debug tools and disassembly software tools. Virtual Machines – experience using and trouble-shooting virtual machines

To Apply:

If you are interested in inquiring about this position, please submit your resume and a detailed cover letter outlining how your skills fit the position to wkrone@kivuconsulting.com

Winston Krone, Esq.

Global Managing Director

Kivu Europe

Weteringschans 165 C

1017XD Amsterdam

Tel US: +1.415.524.7322

Tel NL: +31(0)20.888.5655

E: wkrone@kivuconsulting.com