This job has expired

Cyber Security Incident Responder - Manchester

Employer
Evolution Recruitment Solutions
Location
Manchester, Greater Manchester
Salary
£45000 - £60000 + excellent benefits
Closing date
15 Oct 2020

Clearance Level
SC
Sector
Cyber Security, Security
Job Type
Permanent

Cyber threats are becoming more regular and more sophisticated. We need your help to combat these cyber incidents and leave work every day knowing you’ve made a difference!
 
A well-known information technology client is looking to add a Cyber Security Incident Response member to their Advanced Threat Centre. In this role you will sit in the Security Operations Threat Intelligence team and will be responsible for managing the end to end investigation of Cyber Incidents.

In this position, we are looking for somebody who has a strong technical background as well as a passion for cyber security. When you are not dealing with cyber incidents, you will support the teams in proactively researching cyber security incidents and liaise with other teams in the Security Operations Centre to provide viable feedback on the latest cyber technologies and trends.
 
Role Responsibilities:

  • Take part in Incident Response investigations from initial investigation through to completion
  • Support the delivery of cyber threat intelligence services
  • Acquire and investigate server logs, firewall logs, intrusion detection system alerts, traffic logs and host system logs.
  • Conduct forensic acquisitions of disks, RAM, mobile telephones and other relevant devices.
  • Perform malware analysis.
  • Develop the latest incident response tools and techniques, building upon open source principles.
  • Provide comprehensive and accurate reports for both technical and non-technical clients from both research and incident investigation

Required Skills:

  • Proven understanding of the Cyber Kill Chain, MITRE ATT&CK and other information security defence and intelligence frameworks.
  • Incident handling, threat hunting and threat intelligence.
  • Collecting logs from and utilising HIDS, IDS/IPS systems, SIEMs, AD controllers and firewalls.
  • Correlate events from various sources to create incident timelines.
  • Exposure to cloud-based infrastructure including Microsoft Azure and Office 365, Amazon AWS, and Google Cloud.
  • Cyber Investigations/Cyber Incident Response as well as demonstrating full ownership of incidents
  • Knowledge of appropriate Incident Response tools

Desirable skills:

  • Analysing packet captures and NetFlow logs from monitoring devices, typically using Wireshark.
  • Exposure to enterprise-scale infrastructure and technology stacks.
  • SANS or CREST accreditation

Due to the nature of this work, the successful candidate will need to hold or be eligible and willing to go through Security Clearance.
