Senior Security Consultant – Incident Response
Do you want to be on the frontline when serious cyber incidents hit? You will lead complex investigations, guide customers through crises, and help shape our incident response services. You will join a highly skilled, collaborative team working with some of the most interesting and challenging cyber cases in the market.
Make a real impact in high‑stakes incidents
You will be part of a small, expert Incident Response team handling everything from ransomware to targeted attacks across large, complex environments. You will work closely with customers, helping them stay calm, informed and in control during critical situations. You will collaborate with specialists across MDR, Intelligence and Consulting, learn from unique cases, and contribute to the development of tools, methodologies and publications. At CSIS, we invest in your growth with dedicated training time, certifications, and peer learning - in an open, diverse and friendly culture built on “We commit, We care, We succeed together.”
When you join CSIS, you will get an interesting job in a company and an industry that are growing. You will get interesting challenges that truly make a difference for our customers, and you will be able to take ownership of your work from start to finish. Not least, you will get 130+ fantastic colleagues from all over the world. Besides that, you will get:
- Flexible work from home arrangements
- A competitive salary and personal benefit package
- 5 weeks holiday, plus 5 extra days off each year
- Health Insurance, a pension, plus life and disability insurance
- Healthy, varied lunches (incl. vegetarian and allergy options)
- Stocked refrigerators with soft drinks
- Lots of social activities and company events
- Paid mobile phone subscription and home internet
Your new job
In this client-facing role, you will lead major incident response engagements, support multiple customers, guide junior responders, and help clients strengthen their detection and response capabilities. You will work across diverse environments, industries, and technologies, making adaptability and strong communication essential.
Your responsibilities will be:
- Incident Response & Investigations (Client-Facing)
  - Lead complex and high-severity incident response engagements for customers across varied infrastructures (on-prem, cloud, hybrid).
  - Perform advanced forensic analysis across a variety of data sources (disk, memory, network, malware, cloud) and provide clients with clear, actionable findings.
  - Coordinate response activities with client technical teams, management, and legal/compliance contacts.
  - Develop accurate incident timelines, attribution assessments (where possible), and root-cause analyses.
- Customer Communication & Advisory
  - Act as a trusted advisor to clients during and after incidents, providing guidance on containment, recovery, and long-term improvements.
  - Deliver polished, professional technical reports and executive summaries for clients.
  - Present findings to technical teams as well as to senior leadership and non-technical stakeholders.
- Preparedness, Consulting & Continuous Improvement
  - Assist clients with incident readiness assessments, IR playbook creation, tabletop exercises, and contribute to CSIS’s MDR detection engineering.
  - Contribute to development of internal incident response methodologies, tooling, and best practices.
  - Mentor and guide junior team members during engagements and internal training.
About you
You are an experienced incident responder who remains calm and structured under pressure. You enjoy working closely with customers, translating complex technical issues into clear business language, and you value collaboration and knowledge sharing. You are curious, proactive and driven by making a real difference in the fight against cybercrime.
You bring most of the following:
- Qualifications & Technical Expertise
  - 5+ years of hands-on incident response experience, ideally in a consultancy, MSSP, DFIR, or CSIRT environment.
  - Proven track record leading multi-client or multi-environment incident investigations.
  - Deep knowledge of Windows, Linux, and Active Directory security.
  - Strong knowledge of network protocols and security.
  - Strong experience with SIEM and EDR tools, including detection logic, log correlation, and threat analysis. Hands-on experience with Sentinel/Defender and CrowdStrike is a plus.
  - Advanced digital forensics experience (memory, disk, log, network).
  - Familiarity with evidence handling, chain-of-custody standards, and forensic reporting.
  - Strong understanding of attack techniques and threat actor behaviours (MITRE ATT&CK).
  - Experience in cloud investigations (Azure/AWS/GCP logs, identity, telemetry).
- Consultancy-Specific Requirements
  - Ability to manage multiple parallel client engagements and prioritize effectively.
  - Excellent client-facing communication: confident, calm, and credible during crises.
  - Strong written documentation skills for both highly technical and non-technical readers.
  - Ability to scope engagements, set expectations, and represent the company professionally.
- Regulatory & Governance Knowledge
  - Familiarity with European cybersecurity requirements, especially NIS2, GDPR breach handling, and relevant ISO standards.
  - Ability to advise clients on improving governance, detection maturity, and incident readiness.
- Preferred Skills
  - Threat hunting experience or development of hunting hypotheses.
  - Scripting/automation (Python, PowerShell, Bash).
  - Experience in red team/purple team activities or adversary emulation.
  - Experience providing IR training or running tabletop exercises.
- Relevant Certifications (Highly Valued)
  - GIAC: GCIH, GCIA, GCFA, GCFE, GPEN, GNFA.
  - OSCP, CISSP, CISM, or cloud security certs (Azure/AWS/GCP).
  - Equivalent real-world experience also considered.
- Personal Competencies
  - Professional, customer-oriented communication style.
  - Ability to remain composed and decisive under pressure.
  - Strong analytical mindset with attention to detail.
  - Leadership qualities and ability to mentor junior responders.
  - Curiosity and passion for threat research, attacker behaviour, and continuous learning.
This is a 24/7/365 function: flexibility, out-of-hours work, on-call coverage and occasional travel are required.
Other conditions
- Security Clearance: As you may work with some of our public sector customers, a Security Clearance may be required.
- Relocation: The position could be based in Denmark or in the United Kingdom, where we have offices. Relocation can also be offered to Denmark if relevant.
Job type:
Permanent
Working hours:
Full-time
Working days:
Day
Industry sector:
Consultancy
Job level:
Employee
Expected start date:
as soon as possible
Location:
Denmark or the UK
Contacts:
Mobile: +45 20903304
Company homepage:
http://www.csis.com
Office address: