Senior Incident Response Analyst
Amplo Talent are partnered with an innovative cyber solutions business who are looking to expand their Incident Response team. If you are an experienced Incident Response Analyst who enjoys working in a team where ideas and innovation are strongly encouraged, this would be a good match for you.
Innovation and experimenting with cutting-edge technologies are at the heart of this business. Team fit is highly important: if you have a drive to learn the latest technologies, you will fit in well.
The focus of the team is to provide advanced and innovative cyber security protection to its clients by utilising numerous sophisticated means to detect and manage technical security incidents. As a senior responder, you will be responsible for monitoring indicators and suspicious activity that point to a potential security incident. This will make use of intrusion prevention systems, vulnerability scanning tools, and malware forensics. You will be proficient in IR, with an understanding of real-world APT tools, tactics, and procedures, and be able to quickly determine the nature of a threat and deliver the appropriate response.
As Senior Incident Response Analyst you will ideally have:-
- Good awareness of the current threat landscape
- Familiarity with host forensic artefacts on both Windows and Linux, and their acquisition, processing, and interpretation
- Ability to undertake forensic analysis of a host to support requirements such as proof of existence and proof of execution
- Experience with network analysis and network intrusion detection
- Understanding of firewall rules, and of Windows and Linux tools for analysing packet captures, NetFlow, and raw log files such as those generated by firewalls, web servers, and proxies
- Experience of writing and implementing Snort/Suricata rules
- Excellent understanding of TCP/IP networking and protocols (including HTTP, SSL/TLS, HTTPS, HTTP/2, DNS, SMTP, IPsec)
- Knowledge of analysing artefacts to deduce behaviour of malware in an estate, including methods of entry, evidence of lateral movement, C2/exfiltration analysis, and remediation activities
- Familiarity with the challenges of processing large volumes of log traffic, including Windows event logs
- Familiarity with malware dynamic analysis to determine potential malicious intent of samples
- Some experience with static analysis and reverse-engineering of samples and C2 protocols
- Ability to develop new malware-hunting methods
- Familiarity with Elastic, Splunk, or similar would be beneficial
- Understanding of vulnerabilities and vulnerability detection
- Ability to launch and interpret network vulnerability scans, web scans, and port scans
- Ability to produce and to review reports
- Ability to commit to small development projects (for example, in C or C++) as well as ad-hoc scripting (for example, in Python)