This job has expired

Incident Response Specialist

CyberApt Recruitment
Closing date
23 Feb 2021

View more

Technology & New Media
Contract Type
You need to sign in or create an account to save a job.

Job Details

**No sponsorship provided - candidates must have the right to work in the UK**

I am partnered exclusively with a Global Insurer that is investing heavily into their security and engineering functions and recruiting for an Incident Response Sepcialist to work within the Global Security Operations function.

Experience with threat hunting/hands on Incident response or Forensics will be advantageous.

This is a remote based role until lockdown is eased where some travel into the London office will be expected.

Primary Duties & Responsibilities:

  • Demonstrated leadership in directing and conducting research efforts, including prior experience as lead Investigator.
  • Strong background in computer/network security concepts and technologies, including extensive knowledge of enterprise security operations and computer network vulnerabilities and exploits.
  • Experience writing technical reports and presenting results to leadership.
  • Identify deficiencies in security posture and develop, administer, and participate in action plans to address these gaps.
  • Facilitate effective communication between project/program stakeholders
  • Experience in managing large-sized projects/programs across multiple disciplines and/or teams.
  • Advanced-level understanding of business risk and how to properly advise a customer through critical situations
  • Strong team orientation, collaboration skills, and interpersonal skills
  • Adept at helping team members harness and develop strengths in pursuit of successful program outcomes
  • Proven problem-solving, critical thinking, and decision-making skills
  • Excellent interpersonal and communication skills, and proven ability to work effectively with all organizational levels
  • Conduct analysis of network traffic and host activity across a wide array of technologies and platforms Perform general SIEM monitoring, analysis, content development, and maintenance
  • Conduct and drive incident response activities such as host triage and retrieval, malware analysis, remote system analysis, end-user interviews, and remediation efforts
  • Compile detailed investigation and analysis reports for internal SOC consumption and delivery to leadership
  • Track threat actors and associated tactics, techniques, and procedures (TTPs) by capturing intelligence on threat actor TTPs and developing countermeasures in response to threat actors
  • Analyze malicious campaigns and evaluate the effectiveness of security technologies
  • Provide forensic analysis of network packet captures, DNS, proxy, Netflow, malware, host-based security and application logs, as well as logs from various types of security sensors

· Conduct and provide computer forensic analysis of system memory and disk images
  • Coordinate threat hunting activities across the network, leveraging intelligence from multiple internal and external sources, as well as cutting-edge security technologies
  • Hunt for and identify threat actor groups and their techniques, tools, and processes
  • Identify gaps in IT infrastructure by mimicking an attacker's behaviors and responses
  • Provide analytic investigative support of large scale and complex security incidents

· In depth understanding of cloud service providers (CSP) security offerings

· Understanding of and ability to perform malware reverse engineering

· Effective at utilizing sandbox technologies to detonate malware samples

Minimum Qualifications:

· Strong understanding of Lockheed Martin's Kill Chain

· In depth knowledge of MITRE ATT&K matrix

· Advanced understanding of networking concepts and ability to analyze network artifacts

· Effective communication across technical silos

· 8-10+ years of actual work-related experience in the field of Information Security
  • Experience with SIEM solutions (preferably Splunk or similar tool) search language, techniques, alerts, dashboards, report building, and creation of automated log correlations.
  • 8-10+ years of relevant cybersecurity experience in IT Security, Incident Response, or network security with a strong knowledge working in a SOC
  • The ability to write well and convey information to the intended audience in an easily understood manner
You need to sign in or create an account to save a job.

Get job alerts

Create a job alert and receive personalised job recommendations straight to your inbox.

Create alert