Incident Response Consultant
Are you an Incident Responder or Threat Hunter who’s passionate about what you do? Do you want to get paid to spend time researching advanced targeted attack methods and developing new exploitation techniques in order to develop your skills, as well as to investigate and contain security breaches?
We value not just your ability to undertake the technical aspects of the role but more importantly, your genuine passion for incident response. If you’re interested in working with an organisation that will reward an appetite for development by providing you with the time, training and resources you need in order to grow your professional interests further in a way that benefits you and not just the business, then we might be the place for you.
We promote an entrepreneurial environment, where our team are encouraged to contribute to the industry by way of whitepapers, presentations, attendance at various security conferences, and independent research. In return we ask that you demonstrate a positive and professional attitude and a genuine appetite to learn and build great relationships with clients with their needs in mind.
If this sounds like you, you’re open to traveling to visit clients up to 65% of the time, and you possess the following technical knowledge, then you might be the right person for us:
- A strong knowledge of TCP/IP networking with the ability to complete network forensic analysis
- Knowledge of Windows, Linux and/or OS X internals
- Knowledge of and exposure to Malware Analysis to a minimum level of behavioural analysis
- A good understanding of client-server infrastructures, security architectures and logging & alerting
- A strong understanding of file-system analysis including FAT, NTFS, HFS+ and/or EXT2/3/4 as well as the ability to find and extract common disk-based indicators of compromise
- Knowledge of memory analysis
- The ability to report findings in a clear manner at both technical and senior management level
This role requires a good working knowledge of incident response and might be suitable for you if you’ve studied computer science, IT security, or Computer Forensics and are interested in getting into the fascinating field of pulling apart real-world attacks in a company that is highly innovative, rapidly growing and with lots of opportunities to learn and grow.
The primary responsibility of your role would be to work with our clients to deliver Investigations and Incident Response services. These services are aimed at responding to and containing security incidents for our clients, with a particular focus on advanced targeted attacks. This can also cover a wide range of areas including forensic investigations, proactive compromise assessments, and guiding our clients through the implementation of response procedures.
You’ll also have to clearly communicate to a range of audiences from technical practitioners through to executive boards. This requires the ability to identify technical issues and describe them in the language of the business you are engaged with.
You will have good general knowledge of both enterprise IT platforms and information security and understand the motivations and methods adopted by a wide range of threat sources with a good understanding of how exploitation of systems occurs.
Other aspects of the role include:
- Performing consultancy for our clients and producing high quality reports to present findings and guidance
- Maintaining target utilisation on client chargeable projects whilst working as an Incident Response Consultant
- Producing output to highlight the technical competence of the company to a standard that can be published
- Supporting your practice area in successful delivery and growth
- Experience with a scripting language such as Python, Ruby, PowerShell or Bash is desirable
- Vendor-independent qualification in Incident Response and Forensics such as GIAC, IISFA, IACIS, ISFCE, EC-Council or CREST certifications (e.g. CFCE, CCE, CIFI, CHFI, ECIH, GCIH, GCIA, GCFA, GCFE, GREM, GCED, Intrusion Analyst, Network or Host Intrusion Analyst or Malware Reverse Engineer)
- Vendor-specific qualification such as AccessData Certified Examiner (ACE), EnCase Certified Examiner (EnCE) certification or X-Ways Professional in Evidence Recovery Techniques (X-PERT)
- It is preferred if candidates hold or could obtain a UK Government security clearance, although this is not a requirement