Cyber Incident Response Analyst
Location: Bristol, England
Our market leading, multi-national client is looking for a Cyber Incident Response Analyst specialising in host forensics and malware analysis to join their Cyber Incident Response Team (CIRT). This role would ideally suit a seasoned incident responder, malware analyst or digital forensics investigator with experience of conducting enterprise-scale investigations, threat hunting or malware analysis. It would also suit a systems administrator looking to enter the field of incident response.
The Cyber Incident Response Analyst will investigate alerts from security appliances on client’s estates, researching better ways to detect, analyse and respond to emerging threats based on cyber threat intelligence and maintaining core capabilities and services through proper reporting, documentation and process development.
In the event of a confirmed or suspected cyber security incident, you’ll be responsible for advising clients on the best course of action or taking the reins and confidently understanding the extent, impact and possible remedial action, while capturing appropriate intelligence and supporting evidence during an investigation. Response may be conducted remotely or on client site.
You’ll also have the opportunity to get involved in consulting engagements, which might see you training clients on-site in best practice for cyber response, conducting investigations or supporting cyber consulting team as a technical specialist.
Your key responsibility areas will include:
• Reporting directly to the Senior Cyber Incident Response Analyst, supporting the professional delivery of all Cyber Incident Response services
• Acting as the subject matter specialist in malware analysis for threat intelligence or during an ongoing incident
• Advising clients on how to best respond to any given incident, from boardroom to boots-on-the-ground
• Advising clients on how to best implement mitigation measures which might prevent or limit future incidents
• Providing specialist cyber knowledge to clients and to the internal team
• Conducting threat hunting across available security devices and through operating system native or custom tooling and capability
• Developing threat intelligence such as the creation of YARA, OpenIOC and Snort signatures from the analysis of malware samples and output of incident investigations
Skills, Qualifications & Knowledge Required
• Excellent knowledge of the inner workings of Windows Operating Systems
• Excellent knowledge of how malware works and experience in tearing it apart to understand its capabilities and draw out actionable threat intelligence
• Some knowledge of the fundamentals of Unix systems including MacOS and Linux distributions(Debian, Ubuntu, CentOS, etc)
• Excellent knowledge of host-based investigations including digital forensic principles and practices
• Excellent report writing skills
• Ability to create YARA, OpenIOC and Snort signatures
• Fundamental knowledge of common networking and routing protocols (e.g. TCP/IP), services (e.g. TLS, DNS, SMTP) and how they interact to provide network communications
• Some experience of packet-level analysis, firewall and hypervisor administration, network appliance log analysis and management of network intrusion detection and prevention systems
• Some knowledge of Cyber Security Incident Response processes and procedures, as well as Cyber Threat Intelligence creation, management and use
• Some experience in winning commercial bids and delivering technical services
• Some experience in developing and delivering commercial cyber security consulting services
• Practical programming knowledge or experience in writing scripts in languages such as Python, PowerShell and Bash.
Please check the job details, then fill in your details below and click "Submit now".