Professional Cloud & Forensic Operator.

Conducting court-proof digital forensics (disk, memory, network) in complex enterprise scenarios.

Investigating compromises in M365, AWS, GCP and Azure. You know log sources such as CloudTrail, GuardDuty or Sentinel by heart.

You don’t just analyze the intrusion — you understand the underlying architecture (AD, virtualization, network segments) to eliminate the root cause holistically.

You build forward-looking cloud infrastructures for the incident case. Using Terraform and SaltStack you realize on-demand deployment of isolated analysis environments (e.g. forensic VMs with automated connection to central analysis servers).

Developing automation to accelerate the forensic workflow. You use Python or scripting languages to scale data collection, triage and processing at large scale.

Deriving hardening strategies from forensic findings to sustainably increase the resilience of customer environments.

Several years of relevant experience in digital forensics and incident response (DFIR). Confident use of common toolsets for artifact analysis, triage and disk forensics.

In-depth knowledge of the security architectures of AWS, GCP or Azure and a solid understanding of how M365 tenants work.

Broad understanding of modern IT infrastructures (hybrid cloud, Kubernetes, Active Directory, complex routing stacks). You speak infrastructure fluently and know how to isolate it for analysis.

Confident use of IaC tools (Terraform) and configuration management (SaltStack, Ansible or comparable) to provision forensic stacks at the push of a button.

You have minimal coding experience (Python, PowerShell or Go) to script forensic processes and work with APIs.

A problem solver with an eye for the big picture. In crisis situations you remain the technical anchor and make well-founded decisions.