Head of Digital Forensics & Incident Response practice

About Group-IB

Founded in 2003 and headquartered in Singapore, Group-IB is a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime. Combating cybercrime is in the company’s DNA, shaping its technological capabilities to defend businesses and citizens and support law enforcement operations.

Group-IB’s Digital Crime Resistance Centers (DCRCs) are located in the Middle East, Europe, Central Asia, and Asia-Pacific to help critically analyze and promptly mitigate regional and country-specific threats. These mission-critical units help Group-IB strengthen its contribution to global cybercrime prevention and continually expand its threat-hunting capabilities.

Each of us can help make the world a safer place. Join us!

The role and what makes the role special:

The Head of DFIR practice will lead the development and execution of digital forensics and incident response initiatives. This role involves overseeing incident response cases, managing a growing team, and ensuring efficient operations aligned with both regional and global standards.

The position offers significant independence in defining key metrics, operational processes, and methodologies while working in close collaboration with other business units, including SOC, Threat Intelligence, Investigations, and EDR Development.

Tasks to solve:

Strategic & Operational Oversight

• Design and implement DFIR workflows, engagement strategies, and best practices specific to the European market.
• Establish and refine rules of engagement, ensuring consistency across global DFIR teams.
• Define and monitor key performance indicators, including IRR, case volume, and billable hours, with the flexibility to introduce additional relevant metrics.
• Oversee the handling of major incident response cases and resource allocation.

Team Leadership & Development

• Build and manage a high-performing DFIR team in Europe, ensuring team members have clear roles and responsibilities.
• Develop and sustain a knowledge-sharing culture, encouraging collaboration and professional growth.
• Ensure effective resource utilization.
• Lead the hiring process for new DFIR team members, defining role requirements, participating in candidate selection, and ensuring smooth onboarding.
• Take initiative in shaping the strategic direction of DFIR operations and contribute to regional coordination efforts.
• Work closely with the Director of Services, Sales, and Pre-Sales teams to ensure alignment of business goals and service offerings.

Cross-Department Collaboration

• Strengthen relationships with internal teams, including SOC, Threat Intelligence, Investigations, and RedTeaming.
• Promote joint research, consulting initiatives, and knowledge-sharing efforts.
• Drive thought leadership through public research and industry contributions.

Budget & Resource Allocation

• Develop the DFIR budget for tools, training, certifications, and travel, subject to negotiation with the Head of Services and CRO.
• Identify and implement appropriate DFIR tools while aligning with global technology choices where possible.
• Support the continuous professional development of team members through certifications and training opportunities.

Qualifications:

• Extensive experience in DFIR, including leadership roles in cybersecurity organizations.
• Proven ability to scale teams, optimize operations, and deliver exceptional incident response services.
• Strong knowledge of DFIR methodologies, tools, and industry standards.
• Experience in budget planning and effective resource allocation.
• Ability to define, track, and drive performance metrics.
• Strong stakeholder management and interdepartmental collaboration skills.
• High-level decision-making skills in dynamic and high-pressure environments.
• Experience in public speaking, research, and publication of DFIR-related findings is an advantage.
• German native. Italian and/or French are plus.

Why GROUP-IB?

• Your happiness is important to us: We want every single team member to be happy.
• Continuing professional development: At Group-IB, you can choose from various paths to growth: progress as an expert, advance to a management position, try your hand in another department, relocate abroad, or launch a new business area.
• Group-IB.A team with extensive international expertise: Do you have experience but are looking for exciting challenges? By choosing us, you will be choosing complex tasks and continuously improving your skills in a fast-growing international company.
• Globally recognized technologies: Group-IB's members are located in 25 countries, and our products and services are sold in 60 countries. What’s more, Gartner, IDC, and Forrester have ranked our technologies among the best in their class. We work with over 450 international partners and about 500 clients.
• A culture created by each of us: Group-IB’s employees speak many different languages and understand one another. We respect each other's beliefs, share common values, and strive toward the happiness of every employee.
• Economic stability: Group-IB's sustainable growth helps rapidly develop careers that would take years to progress as far as most other companies.

What else should you know:

• Flexible schedule: Group-IB does not have fixed working hours. You choose your schedule. We adhere to the principle advocated by Steve Jobs: “We have to work not 12 hours and head. ”Health: If anything goes wrong, don’t worry — we offer health insurance.
• Certificates and training courses: Group-IB specialists hold over 1,000 professional certificates, including CEH, CISSP, OSCP, GIAC, MCFE, BSI, as well as some rare ones that would be a source of pride for experts in forensics, penetration testing, and reverse engineering worldwide. We have an incentive program that helps employees achieve certifications at the company's expense.
• Challenges: A wide selection of GIB programs helps you improve soft skills, gain new competencies, and receive monetary rewards.
• The initiative is rewarded: At Group-IB, you can bring your most daring ideas to life. The company encourages technical blogging, writing articles, building sports teams, and other creative activities.