Cyber Incident Response Analyst

We have partnered with a large multi-national organisation that specialises in Aerospace & Defence. We are looking for a Cyber Incident Response Analyst specialising in host forensics and malware analysis to join the Cyber Incident Response Team (CIRT).

You will be joining an organisation that believes in empowering its employees, and you will be offered fantastic opportunities for learning, development and professional growth. As a team, they dedicate time to research projects and encourage their specialists to get involved in the InfoSec community.

Key responsibilities

  • Reporting directly to the Senior Cyber Incident Response Analyst, supporting the professional delivery of all Cyber Incident Response services

  • Acting as the subject matter specialist in malware analysis for threat intelligence or during an ongoing incident

  • Advising clients on how to best respond to any given incident, from boardroom to boots-on-the-ground

  • Advising clients on how to best implement mitigation measures which might prevent or limit future incidents

  • Providing specialist cyber knowledge to clients and to the internal team

  • Conducting threat hunting across available security devices and through operating system native or custom tooling and capability

  • Developing threat intelligence such as the creation of YARA, OpenIOC and Snort signatures from the analysis of malware samples and output of incident investigations

Knowledge & experience

  • Excellent knowledge of the inner workings of Windows Operating Systems

  • Excellent knowledge of how malware works and experience in tearing it apart to understand its capabilities and draw out actionable threat intelligence

  • Some knowledge of the fundamentals of Unix systems, including macOS and Linux distributions (Debian, Ubuntu, CentOS, etc.)

  • Excellent knowledge of host-based investigations including digital forensic principles and practices

  • Excellent report writing skills

  • Ability to create YARA, OpenIOC and Snort signatures

  • Fundamental knowledge of common networking and routing protocols (e.g. TCP/IP), services (e.g. TLS, DNS, SMTP) and how they interact to provide network communications

  • Some experience of packet-level analysis, firewall and hypervisor administration, network appliance log analysis and management of network intrusion detection and prevention systems

  • Some knowledge of Cyber Security Incident Response processes and procedures

  • Some knowledge of Cyber Threat Intelligence creation, management and use

  • Some experience in winning commercial bids and delivering technical services

  • Some experience in developing and delivering commercial cyber security consulting services

  • Practical programming knowledge or experience in writing scripts in languages such as Python, PowerShell and Bash.

  • You will be offered the flexibility to enjoy a healthy work life balance

  • 25 days holiday plus 8 bank holidays

  • Supportive relocation package

  • Award-winning pension scheme

  • Employee discount schemes

  • Reserve Forces: They provide positive support to the Reserve Forces and allow employees who are Reservists to take additional time off

  • Free parking

  • Salary sacrifice schemes

  • Career break: Where appropriate, they will support employees in pursuing other interests outside the workplace

Technical & professional qualifications

  • Valid SC Clearance or the ability to obtain it.