Cyber Incident Response Analyst

Cyber Incident Response Team Lead

Based in Bristol

Competative Package

Key Responsibility Areas

* Leading the professional delivery of all Cyber Incident Response and Digital Investigation services

* Acting as the subject matter specialist in cyber incident response and related disciplines to the wider business

* Providing specialist cyber knowledge, insight, and training to clients and to internal teams on an ad-hoc basis and through the delivery of formal training courses

* Developing threat intelligence capabilities and strategies in conjunction with other operational teams and customers

* Advising clients on how to best respond to any given incident, from boardroom to boots-on-the-ground, with excellent technical leadership to promote confidence based on your skills and experience

* Advising clients on how to best implement mitigation measures which might prevent or limit future incidents, working with customer and internal teams to create effective response strategies

* Authoring and reviewing customer Cyber Incident Response Plans

* Leading threat hunting programmes across available security devices and through operating system native or custom tooling

* Managing a small team of technical specialists and supporting their professional development through coaching, training, and performance reviews

Skills, Qualifications & Knowledge Required

* Excellent knowledge of the inner workings of Windows Operating Systems

* Excellent knowledge of how malware works and some experience in tearing it apart

* Good knowledge of the fundamentals of Unix systems including MacOS and Linux distributions

* Excellent knowledge of host-based investigations including digital forensic principles and practices

* Good knowledge of Cyber Threat Intelligence capabilities and strategy implementation

* Excellent knowledge of common networking and routing protocols (e.g. TCP/IP), services (e.g. TLS, DNS, SMTP) and how they interact to provide network communications

* Good experience in packet-level analysis, firewall and hypervisor administration, network appliance log analysis, and management of network intrusion detection and prevention systems

* Excellent knowledge of Cyber Security Incident Response processes and procedures with real-world application

* Experience in winning commercial bids and leading the delivery of technical consulting services

* Some practical programming knowledge or experience in writing scripts in languages such as Python, PowerShell and Bash

* Report writing and reviewing skills

* Some experience of creating and delivering technical and managerial training courses to internal teams and customers