Swiss Post Cybersecurity

Incident Response and Forensic Analyst, CSIRT Member

Swiss Post Cybersecurity
Switzerland · Full-time · Associate

Swiss Post Cybersecurity provides security solutions to protect digital assets and data, all developed and operated in Switzerland. Formed in 2024 from terreActive and Hacknowledge, we are a Swiss Post subsidiary headquartered in Aarau, with offices in Morges, Zurich and Luxembourg. We enhance cyber resilience with Swiss precision and innovation.

With more than 150 employees, we pool our expertise and experience to drive cybersecurity forward. Join our growing team and defend the digital future with us!

We are looking for an Incident Response and Forensic Analyst to join our Incident Response Team immediately or by arrangement. The ideal candidate will bring solid expertise and experience to help protect our customers from cyberattacks.

Tasks

  • Clarify doubts about suspicious behaviors or confirmed incidents on workstations or information systems
  • Assist clients in managing security incidents, including APTs, ransomware, BECs and more
  • Conduct proactive threat hunting to identify past or ongoing compromises
  • Build and deliver training sessions in academic or professional environments
  • Lead kickoff meetings and present clear and actionable analyses to clients (primarily in French or English)
  • Provide pragmatic recommendations, such as developing reconstruction plans for compromised environments
  • Enhance team expertise by enriching methodologies, sharing research (tools/articles/insights), and developing/testing tools
  • Collaborate closely with the SOC to improve real-time detection capabilities
  • Promote CSIRT activities through impactful publications


Requirements

  • At least 3 years in a SOC/CERT environment (including 2 years participating in CSIRT/CERT activities) or handling advanced cyber threats (APTs, ransomware, BECs, etc.)
  • Deep understanding of operating system internals and/or reverse engineering techniques, for example Windows systems (e.g., Win32 API or internals), Active Directory, GNU/Linux systems, etc.
  • Familiarity with incident response tools and processes (e.g., Velociraptor, KAPE, Plaso).
  • Proficiency in scripting or development to automate repetitive tasks such as intrusion detection scenarios
  • Strong verbal and written communication skills in French (C1) and English (C1). German is a plus
  • Bonus: Familiarity with macOS, mobile forensics (Android/iOS), or public cloud environments (Azure/AWS/GCP)
  • Swiss residents only; willingness to participate in 24x7 on-call duty, with potential emergency travel to specific locations
  • Bachelor’s or Master’s degree in a relevant field and/or certifications are a plus


Benefits

  • Independent work in a small, well-coordinated team
  • A central location in Morges with facilities all over Switzerland
  • Flexible working hours and remote work options
  • Time and budget for targeted internal and external training


We are filling this position without the help of external recruitment agencies.

Key Skills

Ranked by relevance

incident response, cybersecurity, reverse engineering, active directory, cloud
Posted: Jan 05, 2025
Type: Full-time
Level: Associate
Location: Morges

Industries

Administrative Support Services

Categories

Information Technology
