Incident Response Analyst

Posted 04 July 2024
Job type Permanent
Discipline Cyber Defence
Contact Name Charlee Ryman

Job description

Are you looking for a role purely focused on incident response? We are working with an elite organisation who have incident response and threat hunting arms that support their SOC. They are looking for individuals who wish to specialise in IR.

This role needs people who are eligible for DV clearance and are happy to come into London a few times per month. Plenty of training is given; however, candidates need a good understanding of the below:
Key Responsibilities
  • Performing consultancy for clients and producing high-quality reports to present findings and guidance.
  • Maintaining target utilization on client chargeable projects as an Incident Response Consultant.
  • Producing output that highlights the technical competence of the company to a publishable standard.
  • Supporting your practice area in successful delivery and growth.
What they are looking for
  • Solid understanding of client-server infrastructures, security architectures, and related logging and alerting.
  • Knowledge of TCP/IP networking and the ability to perform network forensic analysis.
  • Proficient in file-system analysis, including FAT, NTFS, HFS+, and/or EXT2/3/4, with the ability to find and extract common disk-based indicators of compromise.
  • Knowledge of Business Email Compromise.
  • Understanding of Windows, Linux, and/or OS X internals.
  • Familiarity with the phases of Incident Response as defined by NIST.
  • Awareness of common attack techniques.
  • Experience in memory analysis.
  • Ability to report key findings clearly and concisely at both technical and senior management levels.
Bonus Points
  • Knowledge of and experience in Malware Analysis, at least at a behavioural analysis level.
  • Experience with scripting languages such as Python, Ruby, PowerShell, or Bash.
  • Familiarity with common cloud technologies.
  • Vendor-independent qualifications in Incident Response and Forensics, such as GIAC, IISFA, IACIS, ISFCE, ECCouncil, or CREST certifications (e.g., CFCE, CCE, CIFI, CHFI, ECIH, GCIH, GCIA, GCFA, GCFE, GREM, GCED, Intrusion Analyst, Network or Host Intrusion Analyst, or Malware Reverse Engineer).
  • Vendor-specific qualifications such as AccessData Certified Examiner (ACE), Encase Certified Examiner (EnCE), or X-Ways Professional in Evidence Recovery Techniques (X-PERT).
If you have a passion for IR and want to be a part of an elite team, then go ahead and apply now.