Role Description

This role requires a good working knowledge of incident response and is suitable for candidates who have studied computer science, IT security, or Computer Forensics and are interested getting into the fascinating field of pulling apart real-world attacks in a company that is highly innovative, rapidly growing and with lots of opportunities to learn and grow.

The primary responsibility of this role is to work with clients to deliver Investigations and Incident Response services. These services are aimed at responding to and containing security incidents, with a particular focus on advanced targeted attacks. This can also cover a wide range of areas including forensic investigations, proactive compromise assessments, and guiding our clients through the implementation of response procedures.

The role also requires the ability to clearly communicate to a range of audiences from technical practitioners through to executive boards. This requires the ability to identify technical issues and describe them in the language of the business you are engaged with.

A successful candidate should have a good general knowledge of both enterprise IT platforms and information security. They will be required to understand the motivations and methods adopted by a wide range of threat sources with a good understanding of how exploitation of systems occurs.

Other responsibilities include

• Performing consultancy for clients and producing high quality reports to present findings and guidance
• Maintaining target utilisation on client chargeable projects whilst working as an Incident Response Consultant
• Producing output to highlight the technical competence of the company to a standard that can be published
• Supporting your practice area in successful delivery and growth

Required Attributes

• Solid understanding of client-server infrastructures, security architectures and related logging and alerting
• Knowledge of TCP/IP networking with the ability to perform deep-dive network forensic analysis
• Solid understanding of file-system analysis including FAT, NTFS, HFS+ and/or EXT2/3/4 and ability to find and extract common disk-based indicators of compromise
• Knowledge of Windows, Linux and/or OS X internals
• Knowledge of and experience in Malware Analysis to a minimum level of behavioural analysis
• Knowledge of and experience in memory analysis
• Ability to report key findings in a clear and concise manner both at technical and senior management level

Desired Attributes

• Experience with a scripting language such as Python, Ruby, Powershell or Bash is desirable
• Vendor independent qualification in Incident Response and Forensics such as GIAC, IISFA, IACIS, ISFCE, ECCouncil or CREST certifications (e.g. CFCE, CCE, CIFI, CHFI, ECIH, GCIH, GCIA, GCFA, GCFE, GREM, GCED, Intrusion Analyst, Network or Host Intrusion Analyst or Malware Reverse Engineer)
• Vendor specific qualification such as AccessData Certified Examiner (ACE), Encase Certified Examiner (EnCE) certification or X-Ways Professional in Evidence Recovery Techniques (X-PERT)
• It is preferred if candidates hold or could obtain a UK Government security clearance, although this is not a requirement

Personal Specification

• Professional attitude at all times
• Will be expected and willing to travel at short notice up to 65% of the time, both nationally and internationally and work out of hours when necessary (incident response is a reactive service where we never know what to expect, however typical deployments on-site do not extend beyond 2 weeks)
• You will work as part of a team and all members are expected to suggest and implement improvements to procedures and products based on their experience and interaction with clients. You will also be encouraged to share your knowledge within the team as part of the company’s information sharing culture
• You will also be encouraged to undertake personal research projects. Consultants frequently publish advisories, white papers and present at the leading security conferences. The most successful consultants have the ability to challenge previous assumptions and identify innovative methods for solving problems
• Consultants have the opportunity to train across a number of areas depending on their interests and while delivering Incident Response services may be the primary responsibility of the candidate, it will be possible to pursue training and work in other areas of  the company. This includes reverse engineering and vulnerability development, infrastructure and application penetration testing, malware analysis, WiFi security testing, risk and compliance (ie. PCI DSS, ISO 27001), mobile security and project management.
• The candidate will also be able to attend security conferences or external training courses. Consultants regularly attend security conferences such as Defcon, Blackhat, T2, BSides and 44con and both attend and provide training and workshops at such conferences. The candidate will also have the chance to train in non-technical areas such as project management and leadership.
• Many consultants are CREST certified and the candidate will have the opportunity to obtain relevant qualifications depending on personal interests such as Malware Analysis or Penetration Testing. Candidates will also have the opportunity to undertake or  work towards a leadership position within the team if they wish to do so. This would involve supporting the Practice Head in their duties, helping to guide and train more junior members of the team, improving the operating processes within the practice and helping to track key performance indicators.

Who we are…

Our client is a research-led cyber security consultancy working with clients around the world. They provide specialist advice and solutions on all areas of security, from professional to managed services through to commercial and open source security tools. Their focus is working with clients to develop and deliver security programmes, tailored to meet the needs of each individual organisation.

In a rapidly changing technology landscape, innovation is essential and their ambition is to push boundaries sets them apart. They are not satisfied with the first answer, they break things, reverse and research them until yhey have an understanding that is of real value. Central to this philosophy is the desire to deliver high quality cyber security consulting services and unsurpassed levels of support to their clients.

This is a great opportunity to work with some awesome people in a thriving business. If you have the ambition and expertise to fulfil this role then please contact us.