Cyber Incident Response Analyst

  • Location: Bristol, England

  • Salary: Up to £1 per annum

  • Contact: Tom Barrett

  • Published: almost 2 years ago

Cyber Incident Response Analyst

Location: Bristol based

Salary: Negotiable on application

SC Clearance will be required to start

We're looking for a Cyber Incident Response Analyst specialising in host forensics and malware analysis to join the Cyber Incident Response Team (CIRT).

What will you be doing?

A typical day includes investigating alerts from security appliances on our clients' estates, researching better ways to detect, analyse and respond to emerging threats based on cyber threat intelligence, and maintaining our core capabilities and services through proper reporting, documentation and process development. In the event of a confirmed or suspected cyber security incident, you'll be responsible for advising clients on the best course of action or taking the reins: confidently establishing the extent and impact of the incident and the possible remedial action, while capturing appropriate intelligence and supporting evidence during the investigation. Response may be conducted remotely or on client site.

You'll also have the opportunity to get involved in our consulting engagements, which might see you training our clients on-site in best practice for cyber response, conducting investigations or supporting our cyber consulting team as a technical specialist.

Who would suit this role?

This role would ideally suit a seasoned incident responder, malware analyst or digital forensics investigator with experience of conducting enterprise-scale investigations and threat hunting. The role will also involve occasional travel whilst conducting incident response work, and requires the ability to attain SC clearance (minimum).

Your key responsibility areas will include:

  • Reporting directly to the Senior Cyber Incident Response Analyst, supporting the professional delivery of all Cyber Incident Response services

  • Acting as the subject matter specialist in malware analysis for threat intelligence or during an ongoing incident

  • Advising clients on how to best respond to any given incident, from boardroom to boots-on-the-ground

  • Advising clients on how to best implement mitigation measures which might prevent or limit future incidents

  • Providing specialist cyber knowledge to clients and to the internal team

  • Conducting threat hunting across available security devices and through operating system native or custom tooling and capability

  • Developing threat intelligence, such as the creation of YARA, OpenIOC and Snort signatures from the analysis of malware samples and the output of incident investigations

We're looking for somebody that has:

  • Excellent knowledge of the inner workings of Windows Operating Systems

  • Excellent knowledge of how malware works and experience in tearing it apart to understand its capabilities and draw out actionable threat intelligence

  • Some knowledge of the fundamentals of Unix systems, including macOS and Linux distributions (Debian, Ubuntu, CentOS, etc.)

  • Excellent knowledge of host-based investigations including digital forensic principles and practices

  • Excellent report writing skills

  • Ability to create YARA, OpenIOC and Snort signatures

  • Fundamental knowledge of common networking and routing protocols (e.g. TCP/IP), services (e.g. TLS, DNS, SMTP) and how they interact to provide network communications

  • Some experience of packet-level analysis, firewall and hypervisor administration, network appliance log analysis and management of network intrusion detection and prevention systems

  • Some knowledge of Cyber Security Incident Response processes and procedures

  • Some knowledge of Cyber Threat Intelligence creation, management and use

  • Some experience in winning commercial bids and delivering technical services

  • Some experience in developing and delivering commercial cyber security consulting services

  • Practical programming knowledge or experience in writing scripts in languages such as Python, PowerShell and Bash