
Digital Forensics & Incident Response (DFIR) Investigator – Ransomware & Evidence Acquisition
Job Listing on behalf of TicTac SA
TicTac is a Greek‑based cyber‑security and data‑recovery specialist with roots that go back more than 25 years. Launched in 1999 as a laboratory focused on rescuing data from damaged storage media, the company spun up a dedicated Cyber Security & Incident Response division in 2017 and has since evolved into a full‑service MSSP and 24/7 SOC provider.
Description:
We are hiring a Digital Forensics & Incident Response (DFIR) Investigator to strengthen our cyber incident response and forensic analysis team. The ideal candidate will have solid hands-on experience in ransomware investigations, forensic imaging, log correlation, and evidence collection both remotely and on-site. This role is highly investigative and technical, requiring excellent analytical skills, forensic software proficiency, and the ability to produce professional reports in both Greek and English for use in legal, internal, or regulatory proceedings.
Requirements:
Minimum 3 years of experience in digital forensics and incident response
Proven involvement in ransomware investigations and patient zero identification
Experience collecting and analyzing evidence from firewalls, ESXi logs, EDR/MDR platforms, Windows/Linux servers
Hands-on experience with Magnet AXIOM, FTK, Autopsy, or equivalent open-source forensic tools
Experience in both remote and on-site acquisitions of desktops, laptops, mobile devices, and servers
Familiarity with mobile device forensics (Android/iOS) and cloud data acquisition
Strong understanding of log collection systems and SIEM setup
Ability to detect data exfiltration, draw attack timelines, and identify TTPs
Excellent writing and documentation skills in both Greek and English
Degree in Digital Forensics, Cyber Security, Computer Science, or equivalent (preferred)
Relevant certifications (e.g. GCFA, EnCE, CHFI, CCE, GNFA, or equivalent) are a strong plus
Greek residency and valid driver’s license (due to on-site assignments)
Duties:
Conduct full forensic investigations in ransomware cases, from triage to evidence reporting
Analyze logs from firewalls, ESXi, servers, EDR/MDR platforms, cloud systems, and user devices
Perform forensic data acquisition from computers, servers, mobile phones, virtual machines, and cloud accounts
Assess photo and document authenticity when required
Set up and configure log collection and correlation systems (e.g. syslog collectors, open-source log stacks)
Build attack graphs and timelines, identify patient zero and lateral movement
Determine presence of data exfiltration and classify impact
Produce structured forensic reports for clients, legal teams, or law enforcement in both Greek and English
Collaborate with cyber security engineers and legal advisors on complex breach scenarios
Support internal investigations of employee misconduct or policy violations
Perform data recovery operations
What we offer:
Company laptop
Health insurance