Senior Incident Response Consultant (1011)
Location: Home based
We have partnered with a leading DFIR consultancy who are looking for someone to join their Incident Response team.
This position is ideal for someone who has excellent customer-facing skills and enjoys being the ‘first responder’. Deep technical knowledge and understanding of incident response, digital forensics and investigation processes is key.
This is a fantastic opportunity to join a well-established business who are looking to expand their IR function.
• Emergency incident response – mitigation and remediation.
• Manage and organise initial responder activities, remotely and on customer premises, to contain cyber incidents for customers.
• Calm and collected client incident management.
• Acquire and investigate server logs, firewall logs, intrusion detection system alerts, traffic logs and host system logs.
• Conduct forensic acquisitions of disks, RAM, mobile telephones and other relevant devices.
• Perform malware analysis.
• Develop the latest incident response tools and techniques, utilising open source principles.
• Complete customer incident response capability maturity assessments.
• Progress customers’ own incident response capabilities through advisory and consultative projects.
• Deliver high quality technical investigations to clients.
• Distribute written and oral customer communications in the form of presentations and reports.
• Develop and maintain a relationship with the commercial team and attend scoping calls when necessary.
• Provide quotations for the commercial team when required.
Skills and Experience
• Excellent client-facing skills. Able to communicate at all levels, adapting the style of communication to meet the needs of the audience.
• Proven understanding of the Cyber Kill Chain, MITRE ATT&CK and other information security defence and intelligence frameworks.
• Strong understanding of enterprise-grade technical security controls and defence in depth practices.
• Experience in incident handling, threat hunting and threat intelligence.
• Experience of collecting logs from and utilising HIDS, IDS/IPS systems, SIEMs, AD controllers and firewalls.
• Ability to correlate events from various sources to create incident timelines.
• Experience in cloud-based infrastructure including Microsoft Azure and Office 365, Amazon AWS, and Google Cloud.
• An excellent attitude and the willingness to learn and study for certifications.
• Ability to effectively plan and coordinate projects.
• A high level of accuracy and attention to detail.
• SANS or CREST accreditation.