Lead and Senior Incident Response Analysts
Job Title: Lead and Senior Incident Response Analysts
Contact Name: Nick Haaker
Job Published: May 01, 2018 20:31
Senior Incident Response Analyst & Technical Lead, Incident Response
Cyber security attacks are growing in severity and sophistication, and 0-days are nightmares! I have two fantastic roles within Incident Response that will help keep the UK, as well as highly sensitive information, secure.
My client's products and solutions are so good that they have had to grow their team of cyber security experts, developers and analysts based in Cheltenham. Because of that, I am on the lookout for a Senior Incident Response Analyst and a Lead to manage the team.
As a senior responder you will be responsible for monitoring identifiers and suspect activity that indicates a potential security incident. This will make use of Intrusion Prevention Systems, Vulnerability Scanning tools and Malware Forensics. You will be proficient in IR with an understanding of real-world APT tools, tactics, and procedures and be able to quickly determine the nature of the threat and deliver the appropriate response. You will be expected to have:
*At least 3 years previous experience as a Security Analyst
*Proven experience of intrusion detection and vulnerability analysis
*An appreciation of the chain of evidence and procedures surrounding forensic acquisition, as well as the ability to undertake forensic behavioural analysis on a host.
*Experience with network analysis tools and an ability to conduct packet capture analysis.
*Excellent understanding of networking principles including TCP/IP, DNS etc. and commonly used Internet protocols such as SMTP, HTTP etc.
*Operating systems and system administration skills in Windows, Solaris or Linux
*Knowledge of Intrusion Detection Systems and methods of security hacking/penetration testing
*Ability to perform malware triage to determine whether an identified file exhibits potential malicious intent.
*Working knowledge of at least one scripting language (Python, PHP, etc.)
*Experience with reviewing raw log files, data correlation, and analysis (i.e. firewall, network flow, IDS, system logs)
The Technical Lead determines the technical direction the IR Team takes. You will also be responsible for monitoring identifiers and suspect activity that indicates a potential security incident. This will make use of Intrusion Prevention Systems, Vulnerability Scanning tools and Malware Forensics. You will be proficient in IR with an understanding of real-world APT tools, tactics, and procedures and be able to quickly determine the nature of the threat and deliver the appropriate response. Training and development will be provided for successful applicants, who are expected to have the following attributes:
*A technical career background within Cyber of at least five years.
*Experience in Incident Response or Incident Analysis.
*Good awareness of the current Threat Landscape
*Familiarity with host forensic artefacts, their acquisition, processing and interpretation. Ability to undertake forensic analysis of a host to support requirements such as proof of existence and proof of execution.
*Experience with network analysis and network intrusion detection. Understanding firewall rules. Writing and implementing Snort/Suricata rules. Windows and Linux tools for analysing packet capture, netflow and raw log files such as generated by firewalls, web servers and proxies.
*Excellent understanding of TCP/IP networking and protocols (including HTTP, SSL/TLS, HTTPS, HTTP/2, DNS, SMTP, IPSEC).
*Analysis of artefacts to deduce behaviour of malware within an estate, including methods of entry, evidence of lateral movement, C2/exfiltration analysis and remediation activities.
*Familiarity with the challenges of processing large volumes of log traffic, including Windows event logs.
*Familiarity with malware dynamic analysis to determine potential malicious intent of samples. Ideally some experience with static analysis and reverse-engineering of samples and C2 protocols.
*Ability to innovate malware hunting methods.
*General technical analysis and data correlation skills. Familiarity with Elastic, Splunk or similar beneficial.
*Understanding of vulnerabilities and vulnerability detection. Ability to launch and interpret network vulnerability scans, web scans and port scans.
*Good communication, reporting and analytical skills. Ability to produce and to review reports.
*Proven experience with scripting/programming languages. Ability to commit to small development projects (for example, in C or C++) as well as ad-hoc scripting (for example in Python).
*Ability to work within, and perform system administration on, Windows and Linux operating systems.
*Mentoring and team working skills. Ability to mentor as well as to learn from other team members. Ability to read through and review peer incident notes and reports.
From enhanced email protection to malware hunting and network defence, the range of cyber security solutions is designed to meet the threats facing businesses today.
Role: "Senior Incident Response Analyst" & "Technical Lead, Incident Response"
Location: Cheltenham area (no travel required)
Salary: DOE + excellent benefits
These vacancies are only open to sole British citizens. Applicants who meet this criterion will also be required to undergo security clearance vetting, if not already security cleared to a minimum of SC level.
If you don't hear from us within 7 working days please presume your application has been unsuccessful on this occasion. You are of course free to resubmit your CV/details in the future and we shall assess your suitability at that time.
Electus Recruitment Ltd is acting as an Employment Agency in relation to this vacancy.