Connecting to LinkedIn...

Incident Response and Digital Forensic Lead Consultant

Job Title: Incident Response and Digital Forensic Lead Consultant
Contract Type: Contract
Location: England
Salary: Negotiable
Start Date: ASAP
Duration: 3-mnths rolling
REF: FJS-C-IncidReport_AD_1620763825
Contact Name: Alice Davis
Contact Email:
Job Published: over 1 year ago

Job Description

Incident Response and Digital Forensic Lead Consultant (PICERL/Cyber Kill Chain/ SIEM/ EDR/ IPS/ IDS / Azure/ AWS/ MITRE ATT&CK framework) is urgently required by our Global IT Services Client, for a rolling 3-month, home based contract.

We are looking for a candidate with a combination in the following:

  • Understand the incident response framework and the tasks associated at each stage (PICERL).
  • Understanding of the Cyber Kill Chain.
  • Provide analytical triage of alert/event data.
  • Knowledge of SIEM, EDR, IPS/IDS and other network security technologies.
  • Assist with scoping prospective engagements.
  • Customer focus - Be able to communicate with customer points of contact and provide incident updates to various stakeholders. -
  • Acquisition of cloud data (Azure, AWS).
  • Perform host based investigations (including memory and image acquisition).
  • Display strong network investigative and diagnosis skills.
  • Produce preliminary and ongoing timeline of attack activities.
  • Produce high level clear and concise investigative reports.
  • Carry out threat hunting engagements within customer environments utilising the latest threat intelligence and aligning to the MITRE ATT&CK framework.
  • Utilise automation technologies to enable the swift deployment of Incident Response tooling and customer communication channels.
  • Identify and manage IOCs
  • Assist with developing and running tabletop exercises.
  • Perform onboarding activities for IR customers
  • Proactively update and create playbooks where necessary.
  • Knowledge of malware analysis.
  • At least the ability to obtain security clearance, better if already have it
  • Posses or in the process of studying for one or more of the following certifications: GREM, GCFA, GCFE.

Technical Knowledge

  • Digital Forensics
  • Host/Network Intrusion Analysis
  • Unix/Linux
  • Windows (Endpoint and Server)
  • Experience working with network security products (EDR, IPS, Web Proxy, etc.)
  • Experience in creating and maintaining incident response plans.

This is a very urgent role. Please apply as soon as possible if you would like to be considered.

Project People is acting as an Employment Business in relation to this vacancy.