Incident Responder

Be part of a market-leading,
cutting-edge team


Senior Incident Responder

We are expanding and therefore searching for a Senior Incident Responder who also excels in other areas within it security consultancy and who wants to work within a market-leading, cutting-edge team. This full time position is currently open in our Security Analytics Centre and consultancy department, located in Copenhagen, Denmark.

Key functions / role

The primary focus is to be part of CSIS Incident Response Team. The team assist clients with everything from the small ransomware case to the targeted threats and compromises of entire large networks comprised of tens of thousands of machines. The job will also include various consultancy related task including, but not limited to, penetration testing, advising clients on windows security and giving recommendations on how to harden a network. Furthermore, you should be prepared to assist in our Security Analytics Centre as Tier 3 analyst.

The ideal candidate

You have at least 10 years of technical experience and have previously worked on large scale intrusion investigations. You know how to find the needle in the haystack, and are passionate about helping the customer to assess incidents, secure the network, find the breech or point of entry, and get the client back to running their business.

You should be able to travel at short notice, and be part of an on-call 24/7/365 duty plan. We have a full team of malware reversers standing by to help you with any malicious code you find, so reversing is not a requirement.

Required technical knowledge and practical experience

  • Knowledge of both Windows and Linux security
  • Computer forensics
  • Penetration testing
  • Understanding of business demands
  • Used to writing concise incident reports, with recommendations
  • Familiar with incident response processes
  • Knowledge of enterprise network setups, network and windows domain
  • Several years of IR experience from a previous position (either in a large enterprise or as a consultant)
  • Good verbal and written communication skills in English.

Bonus points given for

  • Relevant degree or certification(s) (BSc, MSc, GIAC (GCIH, GCIA, GPEN, GCFA), OSCP)
  • Good communication skills in Danish
  • Knowledge of Carbon Black response
  • Knowledge of Darktrace
  • Knowledge of using a SIEM system (qradar, logpoint etc.)
  • Network forensics
  • Memory forensics
  • Experience in code review (.net, c#, php)
  • Experience with large scale intrusions (10.000+ devices)
  • Consulting experience
  • Translate IT security risk into business risk and present to non-technical people


The successful candidate must be able to pass a background investigation. Relocation to Denmark will be required if the successful candidate is currently located elsewhere.

How to apply

Please email your resume and a cover letter to HR Manager, Amalie Winterberg at

Additional information about this position

Please contact Mathias Puggaard Nøhr, Head of Consultancy, SAC and Incident Response at