Experienced Incident Handler
Cyberis is searching for an experienced Incident Handler to work in a dynamic and exciting new position in the Incident Response Team. Our new colleague will demonstrate strong knowledge in incident handling, malware hunting and analysis, multiple scripting languages, forensics, and threat actor TTPs. In this very hands-on client facing role the main objective is to lead and manage incident response engagements, coach clients in the development of their incident response plan, conduct tabletop exercises, and train/mentor other security consultants. Leveraging your in-depth understanding of the threat actors’ tactics, techniques, procedures and tools, you will need to quickly glean situational awareness to provide guidance to the team members as well as to the client. In addition, from time to time you will help to create threat research work products such as blogs and presentations.
Our team is dynamic, innovative and dedicated to making a difference to our clients’ security efforts. We recognise and reward our employees for exceptional results. We offer flexible work options when available and emphasise the importance of work-life balance. Our clients demand high quality, expert advice. We work closely with our clients to ensure that the work we deliver adds value and makes a tangible difference in helping them achieve their wider security objectives.
Our head office is in Tewkesbury, Gloucestershire, however opportunities to be home-based are available. The ability to work from our office and work closely with us to help support and mentor less experienced consultants could be an advantage.
The work will require travel to client sites, UK wide. This is flexible and varies depending on client requirements. Opportunities to travel internationally may be available.
To be successful in this role you must possess strong consulting skills, deep technical knowledge, and the ability to work under tight timelines. The following will be the foundation of your role, however opportunities to be involved in the wider development of the company and service lines, are available.
- Lead Incident Response engagements and mentor/train junior analysts
- Lead Incident Readiness engagements including coaching clients in developing or refining their incident response plan and playbooks
- Develop, conduct, or participate in tabletop exercises with clients
- Participate in customer outreach and service delivery checkpoint efforts for incident management retainer customers.
- Actively focus on process improvement for the client facing Incident Response services
- Ensure the incident response technology roadmap is driven forward to enable the team to be more effective and unlock key business opportunities
- Liaise with specialist third-party providers where necessary and appropriate during an incident (e.g., where comprehensive digital forensics, or malware reverse engineering is required).
- Develop complete and informative reports and presentations for both executive and technical audiences
- Able to work under pressure in time critical situations
As an Incident Handler, you will form part of our on-call rota, and therefore you will need to be prepared to be called during nights and weekends should an incident be detected by our clients. You will also be expected to travel at short notice to customer sites during an incident where the nature of the response requires this.
Our ideal colleague will be a proven experienced Incident Handler with the following attributes:
- Must be UK based
- Excellent written and verbal communication skills with a focus on distilling and translating technically complex issues into simple, easy to understand concepts
- Experience coaching clients through the development of their incident response plans or conducting tabletop exercises
- Eligible and willing to undergo UK government clearance (SC Minimum)
- 4 + years experience
- Excellent client facing skills
- Highly motivated, self-driven with ability to work autonomously and within a team in a fast-paced environment
- Good time-management and organisational skills
As an experienced Incident Handler, you would be able to demonstrate competence in the following areas:
- Clear decision-making in time-critical and business-critical situations
- Flexible and dynamic application of incident handling methodology in rapidly-developing incident situations
- Knowledge of a wide range of adversary tactics and techniques - ideally with hands-on experience dealing with APT campaigns
- Familiarity with a broad range of operating systems and network technologies, including host-based analysis techniques for Windows, Linux and Mac OS X systems, making use of memory forensics and file analysis techniques where appropriate.
- A good understanding of Active Directory and Windows environments.
- A good practical knowledge of static and dynamic malware analysis techniques - including memory injection techniques and malware persistence mechanisms, as well as a clearly applied methodology for assessing suspected or confirmed malware.
- The ability to review firewall, web, database, and other log sources to identify evidence and artefacts of malicious and compromise activity.
- Experience with scripting and automation
- Understanding when it may be appropriate to call on other specialists during and incident (e.g., to conduct detailed forensics)
Helpful Experience, Skills and Qualifications
We are flexible in terms of the specific tools and techniques which you may have used in the past, but demonstrating experience with any or all of the following would be beneficial to your application:
- Subject matter expertise in malware analysis, digital forensics, operating system security, network security, cryptography, software security, security operations, and/or emergent security intelligence
- Experience leading the development of security tooling, infrastructure, documentation, processes and tabletop exercises
- Experienced with forensics software packages (e.g. EnCase, FTK, X-Ways, SIFT, Splunk, Redline, Volatility, WireShark, TCPDump)
- Experience with scripting languages such as Python, PowerShell, Bash, etc.
- Ability to search for and identify new threats using YARA rules
- Knowledge and experience of malware analysis tools such as IDA Pro, OllyDbg, Immunity Debugger
- Information security professional certifications (SANS GCIH, CREST CCIM, CCHIA, CCNIA, CCMRE, CRIA or CPIA)
- Excellent salary and benefits package
- Salary negotiable depending on experience and qualifications
- Company pension
- Private healthcare
- 25 days annual holiday, plus bank holidays increasing to 30 days after 3 years
- 3 x salary death in service
- Excellent working conditions and environment