Attached to CERT-DS, you join a dynamic and experienced team. As part of the development of its DFIR activities and the PRIS approach, CERT digital.security is looking for an incident response analyst to strengthen its team.
The job description includes all or part of the following activities, depending on the candidate's fit, skills and interests:
- Position of Technical Leader and Team Leader on DFIR activities within the team;
- Leading and carrying out incident response missions, for at least one of the activities provided for in PRIS (technical management, system analysis, network analysis, malicious code analysis);
- Participation in the development and maintenance of internal and external tools for incident response needs (malware network, analysis tools, Threat Hunting, etc.), with the support of our CTI manager;
- Participation in specific missions, implementing techniques related to DFIR (for example, reverse engineering, vulnerability research, etc.);
- Delivery of training sessions on DFIR: at the CERT level, we focus on delivering training with high technical value (for example, CODEX, COnnected DEvice Exploitation);
- Interactions with the incident response ecosystem (inter-CERT exchanges);
- If the candidate is interested, the possibility of developing and being trained in hardware & software reverse engineering on IoT and OT, as well as performing penetration tests.
In addition, our departmental culture includes from the start:
- Exchanges and participation within the different communities: we encourage, and give the means to, those who wish to give technical conference talks, teach courses in schools, organize CTFs, participate in Bug Bounty programs, etc.;
- Training: beyond participation in conferences, we set up a training program adapted to the expectations of technical profiles: access to professional training and skills development platforms, recognized training courses, etc. There is also the possibility to develop, assist with or lead internal training, in addition to workshops regularly organized for sharing feedback.
You have between 3 and 5 years of experience in a similar position.
You have a real appetite for technical subjects related to cyberattacks and/or incident response (SOC, CERT, forensics, CTI, ...).
You demonstrate an analytical mind, curiosity, pragmatism, rigor, initiative, and writing skills.
You are certified or aim for a GCIH, GCFA, GCFE, GCIA certification; SANS 408, 504, 508, 572, 610.
* This position can evolve to include team management if this aspect interests you.