Be part of a market-leading,
cutting-edge team


Incident responder

We are expanding and therefore searching a senior incident responder who also excels in other areas within it security consultancy and who wants to work within a market-leading, cutting-edge team.

This full time position is currently open in our Security Analytics Centre and consultancy department, located in Copenhagen, Denmark.

Key functions / role:

The primary focus is to be part of CSIS incident response team. The team assist clients with everything from the small ransomware case to the targeted threats and compromises of entire large networks comprised of tens of thousands of machines. The job will also include various consultancy related task including, but not limited to, penetration testing, advising clients on windows security and giving recommendations on how to harden a network. Furthermore, you should be prepared to assist in our Security Analytics Centre as Tier 3 analyst.

The ideal candidate:

Has atleast 10 years of technical experience and was worked with large scale intrusion previously. Has the technical knowledge on how to find the needle in the haystack. Is passionate about helping the client to assess the incident; secure the network; find the breech or point of entry, and last but not least get the client back to running their business.

We have a full team of reversers standing by to help you with any malicious code you find, so reversing is not a requirement.

Minimum qualifications:

Required technical knowledge and practical experience in the areas below:
- Knowledge of both Windows and Linux security
- Computer forensic
- Penetration testing
- Understand business demands
- Used to writing concise incident reports, with good recommendations
- Incident response process
- Knowledge of enterprise network setups, network and windows domain.
- Be available to travel with short notice
- Be part of an on-call 24/7/365 duty plan
- Several years of IR experience from previous job (either in large enterprise or as a consultant)
- Good verbal and written communication skills in English

Bonus points given for:
• Relevant degree or certification(s) (BSc, MSc, GIAC (GCIH, GCIA, GPEN, GCFA), OSCP)
• Good communication skills in Danish
• Knowledge of Carbon black response
• Knowledge of Darktrace
• Knowledge of using a SIEM system (qradar, logpoint etc.)
• Network forensics
• Memory forensics
• Experience in code review (.net, c#, php)
• Experience with large scale intrusions (10.000+ devices)
• Consulting experience
• Translate IT security risk into business risk and present to non-technical people

Candidate must be able to pass a background investigation.
Relocation to Denmark will be required if the successful candidates is currently located elsewhere.


To apply for this position, please e-mail your resume and a cover letter to: 
HR Manager, Amalie Winterberg at

Please use below S/MIME certificate if you want to send information encrypted.

Additional information about this position:
Please contact Mathias Puggaard Nøhr, Head of Consultancy, SAC and Incident Response: (remove underscores).