Description

As a CERT Incident Responder at Stoïk, you will own the full lifecycle of cyber incidents for our policyholders from initial triage to post-incident reporting. You will also serve as a technical advisor to our underwriting team and a critical support for our Customer Success Management team or our Sales team, helping translate complex security risk into business-level recommendations.

Responsibilities

• Lead incident response engagements (ransomware, data breaches, BEC) from containment through remediation

• Conduct forensic investigations using KAPE, Velociraptor, and EDR platforms (CrowdStrike Falcon, SentinelOne)

• Produce clear, client-facing incident reports for both technical and executive audiences

• Provide real-time crisis communication to clients during active incidents

• Support underwriters with technical risk assessments on prospects and renewals

• Contribute to internal runbooks, playbooks, and tooling improvements

• Participate in building tools for our SOC or CERT team

Required Qualifications

• 3+ years of experience in DFIR, or CERT roles

• Proven experience leading multiple ransomware incident responses end-to-end

• Hands-on proficiency with Velociraptor, KAPE, CrowdStrike Falcon, and/or SentinelOne

• Strong log analysis and network forensics skills

• Skilled in AI agents usage & tool buildings through AI

• Ability to communicate technical findings clearly to non-technical stakeholders

• Fluent in English and a native language (Dutch, German, Italian, Spanish, French..)

What We're Looking For

Beyond technical skills, we're looking for someone who takes ownership under pressure, communicates with clarity and confidence, and has the judgment to make fast decisions in high-stakes situations. You will regularly be the most knowledgeable person in the room during a crisis, and we need you to act like it.

Expected languages & locations

We're recruiting for the following native languages :

• Dutch

• German

• Italian

The job position is fully remote based.