The team you'll be working with: This position is Hybrid flexible working options. Please note, you will need to be eligible for SC clearance NTT DATA is one of the world's largest global security service providers, partnering with some of the most recognized security technology brands. We're looking for passionate, curious, and motivated individuals to join our team. Using your advanced expertise in digital forensics, incident response, and cyber threat investigation, you will lead complex DFIR engagements, conduct advanced forensic analysis across diverse platforms, and provide authoritative guidance during major security incidents. You will work independently on sophisticated investigations, coordinate multi-disciplinary incident response activities, and deliver expert testimony and forensic reporting while mentoring junior investigators and analysts. What you'll be doing: Lead complex digital forensic investigations and major incident response engagements. Conduct advanced forensic analysis, coordinate multi-disciplinary IR activities, provide expert testimony, and mentor junior investigators. KEY RESPONSIBILITIES Forensic Investigations & Incident Response Lead complex forensic investigations across Windows, Linux, macOS, mobile, and cloud platforms Conduct advanced disk, memory, network, and malware forensic analysis Lead major IR engagements for sophisticated cyber-attacks and data breaches Coordinate multi-team IR activities across technical, legal, and business stakeholders Perform threat hunting, containment, eradication, and recovery activities Reconstruct attack chains, lateral movement, and APT activities Malware Analysis & Cloud Forensics Conduct static/dynamic malware analysis and reverse engineering Lead forensic investigations in AWS, Azure, and GCP environments Analyze cloud logs, API calls, and container/Kubernetes incidents Develop IOCs and detection signatures Expert Witness & Legal Support Provide expert witness testimony in legal proceedings Prepare forensic reports meeting legal and evidentiary standards Work with legal teams on e-discovery and regulatory response Maintain chain of custody and forensic integrity Threat Intelligence Analyze threat actor TTPs using MITRE ATT&CK framework Conduct threat attribution analysis and identify APT campaigns What experience you'll bring: Experience: 6 years in digital forensics/incident response | 3 years leading complex investigations and major IR engagements | APT or nation-state incident experience Technical Expertise Forensics: EnCase, FTK, X-Ways, Autopsy, Volatility, Wireshark Malware: IDA Pro, Ghidra, Cuckoo Sandbox, REMnux Mobile: Cellebrite, Magnet AXIOM EDR: CrowdStrike, Carbon Black, Microsoft Defender, SentinelOne SIEM: Splunk, ELK Stack, Azure Sentinel IR Tools: Velociraptor, KAPE, GRR Rapid Response Cloud: AWS CloudTrail, Azure Monitor, GCP Cloud Logging Deep Knowledge: Windows internals, file systems (NTFS, ext4, APFS), malware techniques, cloud forensics Mandatory Certification: GCFA or GCFE Preferred: GREM, CHFI, GCIH, ECIH, or EnCE KEY COMPETENCIES Senior-level communication with executives, legal teams, and regulators | Crisis management during high-pressure incidents | Independent problem-solving | Mentoring junior analysts Who we are: We're a business with a global reach that empowers local teams, and we undertake hugely exciting work that is genuinely changing the world. Our advanced portfolio of consulting, applications, business process, cloud, and infrastructure services will allow you to achieve great things by working with brilliant colleagues, and clients, on exciting projects. Our inclusive work environment prioritises mutual respect, accountability, and continuous learning for all our people. This approach fosters collaboration, well-being, growth, and agility, leading to a more diverse, innovative, and competitive organisation. We are also proud to share that we have a range of Inclusion Networks such as: the Women's Business Network, Cultural and Ethnicity Network, LGBTQ & Allies Network, Neurodiversity Network and the Parent Network. For more information on Diversity, Equity and Inclusion please click here: Creating Inclusion Together at NTT DATA UK | NTT DATA (https://uk.nttdata.com/creating-inclusion-together) what we'll offer you: We offer a range of tailored benefits that support your physical, emotional, and financial wellbeing. Our Learning and Development team ensure that there are continuous growth and development opportunities for our people. We also offer the opportunity to have flexible work options. You can find more information about NTT DATA UK & Ireland here: https://uk.nttdata.com/ We are an equal opportunities employer. We believe in the fair treatment of all our employees and commit to promoting equity and diversity in our employment practices. We are also a proud Disability Confident Committed Employer - we are committed to creating a diverse and inclusive workforce. We actively collaborate with individuals who have disabilities and long-term health conditions which have an effect on their ability to do normal daily activities, ensuring that barriers are eliminated when it comes to employment opportunities. In line with our commitment, we guarantee an interview to applicants who declare to us, during the application process, that they have a disability and meet the minimum requirements for the role. If you require any reasonable adjustments during the recruitment process, please let us know. Join us in building a truly diverse and empowered team. Back to search Email to a friend Apply now