Cyber Security Engineer
As Cyber Security Engineer, you will work collaboratively with our engineering teams to support security throughout the development lifecycle, as well as to build proactive monitoring and responses to security events. We are the eyes and ears of the organisation, using the latest technologies to increase visibility and protection of our systems, services and data to reduce risk and impact to our customers, colleagues and business. We need to stay ahead of the latest threats, continuously improving our tooling, training and processes.
A Forensic Investigator will need to be able to cover three key areas: host forensics, memory forensics and network forensics. The ideal candidate will be the go-to person for ongoing forensic incident response as part of the Technology security team. Where potential threats are identified, you will contribute to, and in some cases lead, the response and investigation required to obtain all of the facts. A typical day will involve working closely with security teams, responding to incident tickets and alerts, aiding investigations, and continually improving our response, detection and prevention processes. A key aspect will be contributing to the development of forensic investigation tooling and capability.
Whilst specific responsibilities will be dependent upon the changing needs of the business, the following provides an overview of the role's key responsibilities and measures:
- Follow our Business Code of Conduct, always acting with integrity and due diligence
- Represent the Technology Security team and assist other teams to investigate security incidents
- Work closely and collaboratively with security, infrastructure and engineering teams
- Collaborate closely with colleagues within the wider global Technology organisation and the business to establish effective and productive relationships
- Involvement in and leading of security incidents which occur on our systems
- Drive improvements for use cases for the security operations team
- Drive adoption of new tools and techniques, being able to understand their value and impact
- Keep technical skills up to date and keep track of new technologies, understanding how they might benefit the team
- Share knowledge with the wider security community
- Champion continuous improvement within the department
This role will best suit an individual who enjoys working as part of a team, is well organised, pragmatic and a lateral thinker with an inquisitive mind who is motivated to make change for the better and, most importantly, puts our customers first.
Key Skills and Experience
You'll need to have demonstrated experience of Digital Forensic or Incident Response Investigations:
- Experience of evidence & artefact acquisition, both via physical and remote methods
- Understanding of file system fundamentals, e.g. NTFS, FAT, ext2, ext4 etc.
- Experience with Forensic toolsets such as Encase, X-Ways, IEF, Autopsy, or equivalents
- Understanding of Anti-Forensic Techniques
- Proficient in timeline analysis
- Technical understanding of memory management including concepts
- Experience with memory analysis frameworks such as Volatility or Rekall
- Technical understanding of modern attacker tools and techniques
- Proficient understanding of network protocols, including the seven-layer and TCP/IP network models
- Proficient in IDS analysis, including creation of network signatures
- One or more of the following certifications:
  - GIAC Certified Forensic Analyst (GCFA)
  - GIAC Certified Forensic Examiner (GCFE)
  - CREST Registered Intrusion Analyst (CRIA)
  - CREST Certified Host Intrusion Analyst (CCHIA)
  - CREST Certified Network Intrusion Analyst (CCNIA)
For more information, please apply to this advert.