Incident Response Lead

Start: ASAP

Location: Home working

Essential Skills

• Customer focus - Be able to communicate with customer points of contact and provide incident updates to various stakeholders.
• Produce high level clear and concise investigative reports.
• Assist with developing and running tabletop exercises.
• Experience in creating and maintaining incident response plans.

Incident Response and Digital Forensic Required Skills & Experience

• Understand the incident response framework and the tasks associated at each stage (PICERL).
• Understanding of the Cyber Kill Chain.
• Provide analytical triage of alert/event data.
• Knowledge of SIEM, EDR, IPS/IDS and other network security technologies.
• Assist with scoping prospective engagements.
• Acquisition of cloud data (Azure, AWS).
• Perform host based investigations (including memory and image acquisition).
• Display strong network investigative and diagnosis skills.
• Produce preliminary and ongoing timeline of attack activities.
• Carry out threat hunting engagements within customer environments utilising the latest threat intelligence and aligning to the MITRE ATT&CK framework.
• Utilise automation technologies to enable the swift deployment of Incident Response tooling and customer communication channels.
• Identify and manage IOCs
• Perform onboarding activities for IR customers
• Proactively update and create playbooks where necessary.
• Knowledge of malware analysis.
• At least the ability to obtain security clearance, better if already have it
• Posses or in the process of studying for one or more of the following certifications: GREM, GCFA, GCFE.

Technical Knowledge

• Digital Forensics
• Host/Network Intrusion Analysis
• Unix/Linux
• Windows (Endpoint and Server)
• Experience working with network security products (EDR, IPS, Web Proxy, etc.)

Project People is acting as an Employment Business in relation to this vacancy.