Cyber Incident Response Specialist
Fully Remote with occasional overseas travel
This is a great opportunity to join a fast-growing global scale-up delivering bespoke Security Operations and Analytics services to a diverse client base. The company manages cyber exposure, risk and compliance through security analytics and sophisticated risk and threat management technology, identifying, predicting and preventing cyber threats to protect its clients in real time.
The Cyber Incident Response Specialist will be a key member of the CSIRT team, using established methodologies to perform a variety of Incident Response related activities for clients operating at varying levels of technical maturity, to immediately and efficiently respond to active threats.
The Cyber Incident Response Specialist will:
• Provide expertise in the response to, and recovery from, complex cyber security incidents.
• Conduct remote analysis, running and participating in exercises and attack simulations, and testing detection and response tools.
• Assist in the writing of Incident Response Plans.
• Submit post-incident root cause analysis reports to customers to improve security architecture and process models, in order to mitigate risks and prevent similar attacks.
• Demonstrate leadership skills, clear and concise communication with others, the ability to handle a crisis, and the personal agility to adapt to changing environments. A strong comprehension of malware, emerging threats and calculating risk will be critical in this role.
• Execute incident response processes according to IR standard operating procedures while providing recommendations and guidance to customers
• Provide subject matter insight to clients about industry threat intelligence by developing advisories and maintaining deep awareness and understanding of evolving threat landscape
• Perform threat hunting to proactively identify attacks within customer networks by developing procedures and using existing tools
• Conduct research and continuously improve tools, methodologies and techniques
• Serve as a subject matter expert for other consultants/teams and regularly collaborate and contribute to increasing the knowledge level of the group.
• Demonstrate capability to map technical findings to business impacts and communicate those in a manner which is understandable by a non-technical audience.
• Act as a point of escalation for critical security events and incidents, and escalate to the CSIRT team for remediation.
• Take part in regular blue/purple team exercises and CTF events.
• Able to clearly communicate the Incident Response Lifecycle and the Attack Life Cycle (Kill Chain).
• Specialise in host-centric analysis of Windows and Linux systems utilising forensic tools.
• Familiar with network forensic analysis, with a good understanding of network protocols.
• Understanding of different attack techniques and tactics in order to provide custom detection, containment and remediation plans for customers.
• Programming/Scripting (Python, PowerShell, Bash etc.)
• Proactively seek adversaries on customer networks using a variety of tools and techniques.
• Ability to travel abroad and remain on customer site until full incident recovery.
• Bachelor's degree in Computer Science or a related degree, or equivalent industry experience.
Additional experience in any of the following is advantageous:
• Forensic investigations
• Penetration Testing
• Reverse engineering
• Running Tabletop Exercises
• Threat Hunting
• Threat Intelligence
• Broad knowledge of security solutions
• Master's degree in Information Security
• Industry Certifications such as GCIH, GCFE, GCFA, CFCE, OSCP, CISSP