Location – Bristol
Salary – Negotiable + Package
Our client is a global high-tech company and one of the key players in Aerospace, Defence and Security. They are the largest inward investor in the UK defence sector, and one of the biggest suppliers of defence equipment to the UK MoD.
They’re looking for a Cyber Incident Response Analyst specialising in host forensics and malware analysis to join their client’s Cyber Incident Response Team (CIRT). The CIRT delivers specialist technical cyber security services to a range of clients across a variety of industries including construction, government, defence and aerospace.
What will you be doing?
A typical day includes investigating alerts from security appliances on our client’s estates, researching better ways to detect, analyse and respond to emerging threats based on cyber threat intelligence, and maintaining our core capabilities and services through proper reporting, documentation and process development. In the event of a confirmed or suspected cyber security incident, you’ll be responsible for advising clients on the best course of action or taking the reins and confidently establishing the extent, impact and possible remedial action, while capturing appropriate intelligence and supporting evidence during an investigation. Response may be conducted remotely or on client site.
You’ll also have the opportunity to get involved in our consulting engagements, which might see you training our clients on-site in best practice for cyber response, conducting investigations or supporting our cyber consulting team as a technical specialist.
Your key responsibility areas will include:
- Reporting directly to the Senior Cyber Incident Response Analyst, supporting the professional delivery of all Cyber Incident Response services
- Acting as the subject matter specialist in malware analysis for threat intelligence or during an ongoing incident
- Advising clients on how to best respond to any given incident, from boardroom to boots-on-the-ground
- Advising clients on how to best implement mitigation measures which might prevent or limit future incidents
- Providing specialist cyber knowledge to clients and to the internal team
- Conducting threat hunting across available security devices and through operating system native or custom tooling and capability
- Developing threat intelligence such as the creation of YARA, OpenIOC and Snort signatures from the analysis of malware samples and output of incident investigations
Why Should You Apply?
We offer fantastic opportunities for learning, development and professional growth. As a team, we dedicate time to research projects and encourage our specialists to get involved in the InfoSec community in Bristol and beyond, promoting sharing and constant development.
We want to support you and encourage you to fulfill your potential through:
- Flex-leave schemes: We offer our employees the time and flexibility they need to enjoy a balanced life
- Annual leave: We offer 25 days holiday plus 8 bank holidays
- Supportive relocation package: to make your move to Bristol even more attractive
- Award-winning pension scheme: Our multi-award-winning pension scheme includes generous employer contribution
- Employee discount schemes: We offer you and your family an attractive range of discounts from retail and cinema to hotel bookings and vehicles benefits
- Reserve Forces: We provide positive support to the Reserve Forces and allow employees who are Reservists to take additional time off
- Free parking: This is available on or near all our sites
- Salary sacrifice schemes including childcare voucher scheme: We encourage working parents to save money on childcare by offering them several advantageous facilities and vouchers
- Career break: Where appropriate, we support our employees in pursuing other interests outside the workplace
This role would ideally suit a seasoned incident responder, malware analyst or digital forensics investigator with experience of conducting enterprise-scale investigations, threat hunting or malware analysis. It would also suit a systems administrator looking to enter the field of incident response.
- Willing to undertake occasional travel whilst conducting incident response work
- Hold or be eligible for SC Clearance (minimum)
- Excellent knowledge of the inner workings of Windows Operating Systems
- Excellent knowledge of how malware works and experience in tearing it apart to understand its capabilities and draw out actionable threat intelligence
- Some knowledge of the fundamentals of Unix systems including macOS and Linux distributions (Debian, Ubuntu, CentOS, etc.)
- Excellent knowledge of host-based investigations including digital forensic principles and practices
- Ability to create YARA, OpenIOC and Snort signatures
- Fundamental knowledge of common networking and routing protocols (e.g. TCP/IP) and services (e.g. TLS, DNS, SMTP)
- Some experience of packet-level analysis, firewall and hypervisor administration, network appliance log analysis and management of network intrusion detection and prevention systems
- Some knowledge of Cyber Security Incident Response processes and procedures
- Some knowledge of Cyber Threat Intelligence creation, management and use
- Some experience in winning commercial bids and delivering technical services
- Practical programming knowledge or experience in writing scripts in languages such as Python, PowerShell and Bash
If interested in discussing further, or in having an informal chat, please contact Thom Taylor on Thomas.firstname.lastname@example.org.