Position - Service Lead for Incident Response and Blue Team
My client is a security consultancy based in the UK. As an established boutique they perform technical security assessments for a diverse range of clients, focusing on high street banks and financials within the UK and the wider EU/US, and hold the top industry accreditations within CREST and NCSC for security assessment.
Under their Active Breach brand they also perform Adversary Simulation and Assumed Breach engagements for organisations with high security maturity and "Blue Teams" equipped with numerous industry-leading defensive technologies and products. A key value-add for the business is providing insights into these technologies and improving their effectiveness.
They are looking for an industry-proven senior consultant who can formalise and deliver an Incident Response function that can support their Active Breach team.
This will cover all aspects of a client's requirements such as:
Preparing an organisation's incident response policy,
Defining first responder steps for the organisation,
Acting as the lead point of contact on incident investigations including stakeholder management, planning, decision-making and delivery.
Responsibilities
In charge of overall quality for the service area. Includes sampling reports and proposals, working in a supporting role across multiple jobs and providing feedback to directors
Developing and updating sales collateral, proposal material
Developing methodology, material and process for delivering work, responsible for curating new tools, techniques, results
Liaising with the sales team to attend meetings, provide technical and sales guidance and material for services
Responsible for updating and assisting with aspects of the hiring and on-boarding process
Directing or performing targeted research in the sector
Curating and updating internal wiki/knowledge bases with information
My client is technically focused and as such expects this to be a "hands-on" role, not a purely management role. You will be expected to lead small and large-scale breach investigations for the client base and perform all technical levels of the investigation, from stakeholder communication to technical forensics, supported by their technical team.
Pro-active approach to defining the business area and driving development of the above responsibilities
Understanding of common enterprise network architectures including Windows-based Domains, *nix infrastructures and management, network segmentation
Familiarity with the common capabilities and resources of typical enterprises, including default logging, common barriers to forensic assessment and how these may be overcome; familiarity with common attacker MO
Ability to craft custom approaches to ingesting and correlating data and to challenge or enhance the Blue Team's capabilities
A range of soft-skills including client-facing pre-sales, stakeholder management, planning, decision-making
Desirable
Low-level understanding of the Windows and *nix OS architecture
Low-level forensics experience (malware analysis, host analysis)
In-depth understanding of the popular blue team products and capabilities including SIEMs, Splunk, EDR, IDS/IPS
Detailed knowledge of the Cyber Kill Chain and specifically the common post-exploitation steps of modern adversaries
Bachelor's degree
If this role sounds like something you would be interested in, please send your CV, ideally in Word format, via this site.
If this role is not quite right for you but you would like to have a conversation about other roles, please search for and connect with me, Cody Murphy, on LinkedIn.