Consultant - Incident Response (CPX)

About This Role

Overview As a consultant – Incident Response, you live and breathe blue team operations. Your technical expertise in endpoint and network threat detection and defence is complemented by your integrity and passion for cyber security and technology.

You work well in a team of highly motivated and skilled blue teamers, but you can also achieve your work independently in different engagements and scenarios. You enjoy taking on new challenges in a fast-paced and dynamic working environment. You are a team player who is always willing to help where required, with a humble and positive attitude.

Responsibilities Key Responsibilities

• At least 1-3 years of experience in the following activities
• Serve as technical expert on active incident response engagements across different IR Retainer customers
• Achieve tasks independently within the team before initial 6 months
• Execute threat hunting activities in support of incident response and proactive environment assessments
• Carry out host-based assessments using EDR tools and network assessments utilising full packet data to determine the extent and scope of possible compromise
• Perform host and/or network-based forensics across Windows, Mac, and Linux platforms.
• Execute digital forensic investigations supporting cyber incident response engagements
• Contribute to process documentation and continuous service improvement activities
• Flexible schedule that is open to changing situations and opportunities
• Learn to produce detailed reports and technical briefs
• Explain technical findings in a manner that can be easily understood by technical and non-technical staff
• You must be a team player, with a humble and approachable nature who is willing to go the extra mile.

Technical Skills

• Strong understanding of blue team operations and threat hunting
• Sound understanding of network protocols, TCP/IP etc.
• Sound understanding of Microsoft Windows
• Sound understanding of Linux and/or OSX is a plus
• Ability to learn forensic skills across multiple operating systems
• Basic understanding of network analysis tools like Bro/Zeek, Rita or Suricata
• Ability to perform analysis of system and network devices logs
• Basic understanding of the capabilities of static and dynamic malware analysis
• Sound understanding of enterprise systems, technologies, and infrastructure
• Strong understanding of current threats, vulnerabilities, and attack trends
• Sound understanding of ATT&CK framework
• Good organisational skills, ability to prioritise, and ability to learn to work independently before the end of the trial period
• Ability to learn quickly and apply the learnings into the job on a day-to-day basis

Qualifications Certifications/Qualifications/Skills

• Good attention to detail and reporting accuracy
• English language skills, both spoken and written
• GIAC Certified in a minimum of one discipline: GNFA, GCIH, GCIA, GCFE, GCFA, GDAT, etc Or equivalent (eLearnSecurity .etc)
• At least previous basic experience working with EDR tools and threat hunting tools
• Previous experience performing network forensics desirable
• Knowledge about cloud security infrastructure (AWS, Azure, Oracle, others) desirable
• Knowledge about OT/ICS/SCADA technologies will be a plus
• Bachelor's degree in Computer Science or Engineering desirable, but not mandatory