Location: Cheltenham | Salary: Negotiable |
Sector: Client Delivery, Defence, Engineering | Specialism: |
Type: Permanent | Contact: Nick Taylor |
Senior Cyber Incident Response Analyst
Cheltenham
Permanent
Brief
Senior Cyber Incident Response Analyst needed for an IT service provider specialising in cyber security based in Cheltenham who are looking to employ an experienced and well-rounded Senior Cyber Incident Response Analyst that takes pride in their work.
As a senior responder, you will be responsible for monitoring identifiers and suspect activity that indicates a potential security incident. This will make use of intrusion prevention systems, vulnerability scanning tools, and malware forensics. You will be proficient in IR with an understanding of real-world APT tools, tactics, and procedures, and be able to quickly determine the nature of the threat and deliver the appropriate response.
UK SC Clearance required to start.
What experience you need to be the successful Senior Cyber Incident Response Analyst:
- A technical career background in cyber of at least five years
- Experience in incident response or incident analysis
- Good awareness of the current threat landscape
- Familiarity with host forensic artefacts on both Windows and Linux, and their acquisition, processing, and interpretation
- Ability to undertake forensic analysis of a host to support requirements such as proof of existence and proof of execution
- Experience with network analysis and network intrusion detection
- Understanding of firewall rules, Windows and Linux tools for analysing packet capture, netflow, and raw log files such as those generated by firewalls, web servers, and proxies
- Experience of writing and implementing Snort/Suricata rules
- Excellent understanding of TCP/IP networking and protocols (including HTTP, SSL/TLS, HTTPS, HTTP/2, DNS, SMTP, IPSEC)
- Good understanding of modern malware - execution methods, persistence, detection, C2 methods, delivery mechanisms (JavaScript, PowerShell, etc.), and entry points (phishing, drive-by, etc.)
- Knowledge of analysing artefacts to deduce behaviour of malware in an estate, including methods of entry, evidence of lateral movement, C2/exfiltration analysis, and remediation activities
- Familiarity with the challenges of processing large volumes of log traffic, including Windows event logs
- Familiarity with malware dynamic analysis to determine potential malicious intent of samples
- Some experience with static analysis and reverse-engineering of samples and C2 protocols
- Ability to innovate malware hunting methods
- General technical analysis and data correlation skills
- Familiarity with Elastic, Splunk, or similar would be beneficial
- Understanding of vulnerabilities and vulnerability detection
- Ability to launch and interpret network vulnerability scans, web scans, and port scans
- Good communication, reporting, and analytical skills
- Ability to produce and to review reports
- Proven experience with scripting/programming languages
- Ability to commit to small development projects (for example, in C or C++) as well as ad-hoc scripting (for example, in Python)
- Ability to work in and perform system administration skills using Windows and Linux
- Mentoring and team-working skills - ability to mentor as well as to learn from other team members
- Ability to review peer incident notes and reports
This really is a fantastic opportunity for a Senior Cyber Incident Response Analyst to progress their career. If you are interested please apply as soon as possible as this position will be filled quickly so don't miss out!
Services advertised by Gold Group are those of an Agency and/or an Employment Business.
We will contact you within the next 14 days if you are selected for interview. Privacy Policy. Equal Opportunity and Diversity Policy.