Cyber Incident Response Consultant
Role details
Job location
Tech stack
Job description
Location and additional requirements: This role offers flexibility to work remotely from your own home, or as a hybrid arrangement by working from our offices in Oxford or Glasgow, if preferred. There is also a requirement for flexibility from employees to visit client sites across the UK as part of this role. You will also be involved in a on-call rota where you may be required to work evenings, weekends and bank holidays., We encourage candidates from underrepresented groups to apply and are committed to providing a supportive and accessible environment for all our employees. If you require accommodations during the application process, let us know, and we'll work to meet your needs.
What You'll Do:
- Acquisition and analysis of forensic sources to triage client incidents.
- Timelining of relevant technical events and business activities to establish end-to-end overview of adversary movement and techniques.
- Provide consultancy on BAU to help establish operations during critical incidents, and support client mitigation and recovery efforts.
- Reverse engineer malware samples when necessary to discover actionable indicators of compromise.
- Perform threat hunting across client estates driven by investigation findings and Mitre ATT&CK tactics.
- Analyse and correlate threat intelligence data from external sources to augment investigation findings.
- Develop service capabilities through the design of infrastructure and tooling to increase efficiency and accuracy.
- Deliver client workshops such as tabletop exercises and staff training.
- Deliver detailed reports presenting all investigation findings required by internal or external stakeholders including possible legal body involvement.
- Assist clients with the creation and maintenance of incident response policy and procedures.
Requirements
- Significant experience in Cyber Security Incident Response (CSIR) plans and preparedness assessment.
- Experience of multiple incidents and use of technical skills during a cyber-attack, including identification, containment, and eradication of attacks.
- Expertise in digital forensic investigation.
- Experience of leading customer engagements on-site.
- Experience of working as the solo consultant on jobs and of working in teams.
- Excellent technical writing skills with the ability to write a post-incident report summary for a non-technical audience.
Key Attributes:
- Holding a CREST Cyber Security Incident Response (CSIR) certification.
- Proactive at writing technical documents and improving processes.
- Outstanding verbal communication skills with the ability to explain things in a clear and non-technical way.
- Ownership and leadership on developing and providing training courses.
- An understanding and/or previous experience in penetration testing, red teaming, or technical security assessments.
Are you an experienced Cyber Incident Response Consultant looking to further improve your skills and take on more responsibilities? If so, this opportunity is perfect for you!
Benefits & conditions
Our employees are the heart of our business. We value our employees and invest in their growth and well-being. Here's what we offer:
- Hybrid Working: Flexibility to work remotely or use our UK offices around client visits.
- Professional Growth: Time for skill development.
- Well-being Focus: Enhanced annual leave of 25 days + bank holidays, Private health insurance, Specsavers vouchers, income protection and EAP scheme.
