Kivu Consulting is a leading US computer forensics and investigations firm, with an office in Amsterdam. We seek an experienced cyber investigator to join Kivu’s incident response/ data breach team, focusing on EU clients. While the position will be based in the Netherlands, the position will work closely with analysts based in Kivu’s US and Canada offices. More details about Kivu can be found at www.kivuconsulting.com.
Our team of experts covers a wide range of assignments, including:
Analyzing data breaches, determining the cause and extent of data loss, and advising on immediate and long-term remediation;
Briefing and/ or testifying before regulators and law enforcement on breach response and best practices;
Handling complex computer forensics investigations and providing expert witness testimony in theft of trade secret cases, employee malfeasance, and DOJ/ FTC actions;
Providing network and IT systems audits and advising on improving IT security.
The position will cover a wide area of assignments and forensic tasks, including:
Analyzing data breaches in Europe and North America, provide forensic support to Kivu’s teams in Europe and North America in determining the cause and extent of data loss, and provide feedback to Kivu case managers.
Responding to clients directly and providing immediate technical remediation advice by phone or in person
Writing detailed forensic reports in Dutch or English and updating Kivu case managers.
Providing risk assessment and preventative services, in collaboration with Kivu’s team in the US.
Carrying out forensic research on new types of attacks.
Constantly seeking ways to improve Kivu’s current forensic and data breach procedures.
We’re looking for a motivated candidate with 5-8 years’ experience in the following areas:
Managing Incident Response and Computer Forensics cases.
Risk / Security Assessments, Incident Response Plan Development and Tabletop Exercises.
Demonstrated experience in completing all phases of a Security/ Risk Assessment including:
Handling web application exploitation, server and client-side attacks, and protocol subversion
Experience with different scanning tools such as Nessus, Burp Suite and others.
Extensive knowledge in computer networks, hardware, communications and connectivity.
Experience with scan/assessment tools within frameworks such as Metasploit and Core Impact.
Excellent reporting skills (both written and verbal – Dutch and English) and experience writing technical reports.
Experience with Unix, Linux, Mac, and Windows systems a plus, and an admin level understanding of networking, firewalls, and the various protocols involved in data sharing and communications.
Working knowledge of current data collection, storage, and chain of custody best practices.
Experience presenting findings and recommendations to C-level executives, law enforcement, and legal counsel.
Preferred Skills and Qualifications:
BA in Cybersecurity, Computer Science, Information Security or other related fields.
Certifications in SANS, ENCE, OSCP/OSCE.
Familiarity with Windows, Linux, and Unix Systems.
Knowledgeable on encryption and encoding methods, communication protocols, and algorithms.
Familiarity with NIST frameworks including SP800-15.
The following experience, while not required, would be strong bonuses:
At least one of the following certifications (or equivalent): GIAC Certified Incident Handler (GCIH); GIAC Certified Intrusion Analyst (GCIA); GIAC Reverse Engineering Malware (GREM); GIAC Certified Forensic Analyst (GCFA); GIAC Certified Forensic Examiner (GCFE); Encase Certified Examiner (EnCE)
Internet investigations and experience with the Dark Web
Experience with forensic analysis of Mac operating system devices and cellphones
Working knowledge of European languages in addition to Dutch and English
Working in a regulated sector (e.g. healthcare/ finance/PCI/ law enforcement)
Advanced working knowledge of network monitoring tools
Investigating/ analyzing security breaches in cloud storage and databases
Budgeting and executing IT risk assessments and security audits
Datacenter / Server room experience
Experience presenting at conferences or at business development meetings
Malware reverse engineering skills, including the ability to read assembly code and determine its operability with common operating systems, and the ability to use debug tools and disassembly software tools. Virtual Machines – experience using and trouble-shooting virtual machines
The right candidate will be obsessed with accuracy but still able to get relevant results to clients ahead of schedule; be able to triage multiple cases; and function in a highly confidential environment.
The position requires being part of a team and interacting remotely with Kivu’s analysts in the US and Canada. While Kivu’s response model leverages Kivu’s analysts irrespective of location (e.g. a breach in Canada may include Kivu team members in the US, Europe and Canada), the right candidate will also be able to help build up and manage local forensic personnel in Europe. The right candidate will also play an active role in business strategy and long-term development of Kivu in Europe.
By the nature of Incident Response, the work often takes place outside normal working hours and onsite at client premises. Kivu personnel are expected to work outside office hours and, if necessary, travel at short notice.
Kivu is the leading forensics firm responding to ransomware attacks. The right candidate will have the chance to work with Kivu’s ransomware response team and develop some or all of the following skills:
Negotiating with attackers
Providing advice to organizations on remediation and data recovery
Advising on ransom payments using cryptocurrencies
If you are interested in inquiring about this position, please submit your resume and a detailed cover letter outlining how your skills fit the position to firstname.lastname@example.org
Winston Krone, Esq. - Global Managing Director
Weteringschans 165 C
Tel US: +1.415.524.7322
Tel NL: +31(0)20.888.5655