Cyber Incident Responder

Location: Reading or London
Salary: Competitive & commensurate with experience

Role Summary

In this role you’ll build strong relationships within a Cyber and Resilience practice with lots of extremely talented individuals. You’ll be working with clients looking to bridge the maturity gap or satisfy bespoke business/security objectives, getting to work, fast, to identify root causes, evict threats and automate manual tasks performed by Security Operations.

The Cyber Incident Responders/Threat Hunters will be called to answer client needs regarding proactive incident response, reactive incident response, post-breach assessments, managed threat hunting as well as implementing response automation technologies.

The Company

Our client is shaping strategies and transforming technology to minimise cyber security risk. You’ll build strong relationships within a Cyber and Resilience practice with some 300 extremely talented individuals. Their team brings together people who graduated in everything from Philosophy to Law, Maths and Computer Science. Join them and you will operate at the cutting edge, enjoying the kind of professional development that will set your potential free.

Key Responsibilities

  • Construct and exploit open source and commercial threat intelligence to detect, respond, and defeat advanced persistent threats (APTs).
  • Fully analyse network and host activity in successful and unsuccessful intrusions by advanced attackers.
  • Conduct advanced threat hunt operations using known adversary tactics, techniques and procedures as well as indicators of attack in order to detect adversaries with persistent access to the enterprise.
  • Create and add custom signatures, to mitigate highly dynamic threats to the enterprise using the latest threat information obtained from multiple sources.
  • Maintain a deep understanding of networking protocols and infrastructure designs, including some of the following: firewall functionality, encryption, host and network intrusion detection systems.
  • Conduct adversary disruption leveraging tactical, technical and legal capabilities to eradicate threats.
  • Characterise suspicious binaries, be able to identify traits and C2, and develop network and host-based IOCs.
  • Identify potential malicious activity from memory dumps, logs, and packet captures.
  • Maintain and employ a strong understanding of advanced threats, continuous vulnerability assessment, response and mitigation strategies used in Cybersecurity operations.
  • Analyse and reverse engineer various file types, including providing dynamic and static analysis of malware artefacts and binaries as well as other malicious attack files.

Key Requirements

Essential

  • Proven experience in incident response or Threat Hunting, either in-house or as a consultant.
  • Strong understanding of Operating Systems and Network Protocols.
  • Prior experience in network forensics with an emphasis on detecting malicious activity using network traffic.
  • Knowledge of current hacking techniques, vulnerability disclosures, data breach incidents, and security analysis techniques.
  • Demonstrated experience with Windows and/or Unix/Linux operating systems including command-line tasks and scripting.
  • Familiarity with common commercial and/or open source vulnerability assessment tools and techniques used for evaluating operating systems, networking devices, databases and web servers.
  • Familiarity with threat modelling, development of attack plans.
  • Experience working with security intelligence, data analytics, security incident response, and forensic investigation teams.
  • Passion for information security and service excellence.
  • Highly developed interpersonal, communication and organisational skills.
  • Research experience in tracking cyber threat and malware campaign activity.

Desirable

  • Previous experience as Threat Researcher and/or Intelligence Analyst.
  • Tool-agnostic ability to conduct preliminary malware analysis.
  • Strong scripting and task automation skills.
  • Demonstrated technical experience with networking.
  • Red Team/Blue Team/Purple Team/Pen-Testing.

Qualifications

Essential

  • BSc in Computer Science, Engineering, Information Science or a related discipline (or equivalent experience)
  • Ideally at least 3 years’ experience in Cyber Security (or Offensive Security/ Incident Response)

Desirable

  • GIAC Certified Forensic Analyst (GCFA)
  • GIAC Certified Forensic Examiner (GCFE)
  • GIAC Certified Incident Handler (GCIH)
  • GIAC Certified Intrusion Analyst (GCIA)
  • GIAC Reverse Engineering Malware (GREM)
  • CISSP
  • CISM