Consultant - Incident Response (CPX)

Overview

Key Responsibilities

• At least 1-3 years of experience in the following activities
• Serve as technical expert on active incident response engagements across different IR Retainer customers
• Achieve tasks independently within the team before initial 6 months
• Execute threat hunting activities in support of incident response and proactive environment assessments
• Carry out host-based assessments using EDR tools and network assessments utilising full packet data to determine the extent and scope of possible compromise
• Perform host and/or network-based forensics across Windows, Mac, and Linux platforms.
• Execute digital forensic investigations supporting cyber incident response engagements
• Contribute to process documentation and continuous service improvement activities
• Flexible schedule that is open to changing situations and opportunities
• Learn to produce detailed reports and technical briefs
• Explain technical findings in a manner that can be easily understood by technical and non-technical staff
• You must be a team player, with a humble and approachable nature who is willing to go the extra mile.

Technical Skills

• Strong understanding of blue team operations and threat hunting
• Sound understanding of network protocols, TCP/IP etc.
• Sound understanding of Microsoft Windows
• Sound understanding of Linux and/or OSX is a plus
• Ability to learn forensic skills across multiple operating systems
• Basic understanding of network analysis tools like Bro/Zeek, Rita or Suricata
• Ability to perform analysis of system and network devices logs
• Basic understanding of the capabilities of static and dynamic malware analysis
• Sound understanding of enterprise systems, technologies, and infrastructure
• Strong understanding of current threats, vulnerabilities, and attack trends
• Sound understanding of ATT&CK framework
• Good organisational skills, ability to prioritise, and ability to learn to work independently before the end of the trial period
• Ability to learn quickly and apply the learnings into the job on a day-to-day basis

Certifications/Qualifications/Skills

• Good attention to detail and reporting accuracy
• English language skills, both spoken and written
• GIAC Certified in a minimum of one discipline: GNFA, GCIH, GCIA, GCFE, GCFA, GDAT, etc Or equivalent (eLearnSecurity .etc)
• At least previous basic experience working with EDR tools and threat hunting tools
• Previous experience performing network forensics desirable
• Knowledge about cloud security infrastructure (AWS, Azure, Oracle, others) desirable
• Knowledge about OT/ICS/SCADA technologies will be a plus
• Bachelor's degree in Computer Science or Engineering desirable, but not mandatory