Utrecht, Netherlands

Educational Level:


Incident Responder

What you do

You are responsible for helping clients to overcome their security incidents. To do so, you will go on site and help the client getting back to business as quick as possible.  

As an incident Responder there is not such as a typical day. Our emergency centre calls in case of an incident at an organization. After the first triage, you go to the client site with a specific formed team. The CERT cases with forensic equipment are ready to go and within 4 hours you are on-site. You work until late in the evening. The customer has indeed been hacked. Accounts have been compromised and customer data got stolen. In the following days, you’ll help plug the leaks, secure the evidence, and file the appropriate report. You also determine which security measures suit the customer best and make sure the client is back to business as quick as possible. The police are pursuing the matter further and benefit from the evidence you collected.And the client can breathe again! 

This is an example of how a day could possibly turn out, but as an Incident Responder no day is the same. You are responsible for helping clients overcome their security incidents, that (obviously) always happen unexpected. When no incidents are taking place, you improve the way of working of the CERT or you help other teams.  

The team

The CERT consists of Incident Responders, Incident Response Coordinators and the CERT Manager. When going on site helping an organization, a case specific team is formed. Sometimes team members from other teams are asked to help because of their specific expertise. The team is, such as all the other teams within Northwave, always focused on further developing their techniques and processes. The knowledge about digital threats gained during incidents is also shared within other teams within Northwave. Our clients are mainly located in The Netherlands and Germany, but we also work for clients in Belgium, Switzerland and other European countries. 

You enjoy

  • Puzzling until you have found the root cause
  • Advising clients about their current security incident 
  • Creating order in chaos  
  • Tension and working in unexpected situations 


What we expect from you

  • A minimum of 3 years of experience within the field of digital investigation in Cyber Security 
  • Extensive knowledge of Cyber Security and Digital Forensics 
  • A structural way of working 
  • SANS GCFE/GCFA/GNFA certifications are an advantage, but not necessary 
  • We will be extra happy if you have a Private Investigator diploma from SVPB, but it’s not necessary 

What you can expect from us

  • New Macbook, iPhone and mobility scheme to support flexible working
  • 25 vacation days
  • Good retirement arrangement
  • Company wide courses and individual training opportunities to further develop yourself
  • 200+ passionated colleagues to work with and learn from
  • Fun company events and parties, check our working at page here for an overview

Application process


After you applied, Emilie will give you a call to discuss what you are looking for in your next step.

1st interview

We are curious who you are and would like to tell you more about Northwave and this role. This meeting will be with Emilie and the manager.

2nd interview

We go further in depth and you will meet colleagues from the team. Hopefully you want to visit our office!

Technical test

Prove yourself! And find out what activities are done in this role.

Job offer

The moment to say “I do!” Hopefully you are as enthusiastic as we are and come aboard as a new Northwaver!

Join us!

  • pand