Degree in IT, Computer Science, or a Cybersecurity-related field
4+ years in DFIR, open to talented profiles with less seniority
GIAC certifications (GCFA, GCFR, or GNFA) are a distinct advantage
Strong communication skills in French and English (C1/C2 level)
Proven ability to handle high-pressure situations and prioritize
Deep understanding of enterprise IT ecosystems, lifecycles, and budgetary constraints
Deep understanding of adversary tactics and attack methodologies (TTPs)
Proven experience in root cause analysis and complex incident response scenarios
Strong understanding of networking principles and protocols (TCP/IP, DNS, SMTP, HTTP)
Proficiency in investigating environments across Google Cloud, AWS, and Azure
Ability to review and correlate raw log files (Firewall, Netflow, IDS, System logs)
Malware triage capabilities
Experience with network analysis tools (like Wireshark, tcpdump, Zeek or RITA)
Solid knowledge of legally defensible investigations and chain of custody
Proficiency in extracting and analyzing forensic artefacts across various operating systems
Hands-on experience with EDR/XDR solutions (Cortex XDR or CrowdStrike)
Proficiency with modern acquisition and triage tools (KAPE, Velociraptor, RedLine)
Ability to automate repetitive tasks using at least one scripting language (Python, PowerShell)

Incident Response – Digital Forensics Analyst

Key skills