Cyber Incident Response Specialist

Cybersecurity Incident Response Specialist - CONTRACT OPPORTUNITY

• Remote with occasional trips to London (not expensed).
• £750.00 per day.
• 6 months.
• ASAP start, ASAP interviews.
• Right to work in the UK mandatory. 

The Cybersecurity Incident Response Specialist will be responsible for investigating, analysing and providing specialist expertise for the resolution of security incidents / attacks aimed at the client. 

Support the long-term strategic goals of Cyber Operations pillar support Senior Analysts and Analysts in managing incidents and liaise with SOC engineers to ensure appropriate security measures, technologies and processes are in place to avoid reoccurrence of incidents.

Incident detection:

• Demonstrate an ability to understand in detail how an incident has occurred without relying on alerts (e.g., reviewing logs and threat intelligence data).
• Support the Analyst in prioritizing incidents for further analysis, response, or closure.

Incident management:

• Provide specialist knowledge on specific types of attacks.
• Support Senior Analyst and Analyst in the management of an incident.

Objectives:

• Provide specialist input for the management of incidents where it is required. Identify, analyse, mitigate cybersecurity incidents. Minimise the overall effects of any incident.
• Liaise with Incident Response Lead where specialist input is required for the approval of incident reports and mitigations. Provide reports and updates to the wider team on incident management.
• Contribute to the development and maintenance of the Incident Management & Response playbooks. 
• Develop and implement procedures related to incident handling. Perform post-incident reviews.
• Evaluate the resilience of the cybersecurity controls and mitigation actions taken after an incident.
• Assist in cyber security and forensic investigations when they arise.
• Demonstrate an ability to understand in detail how an incident has occurred without relying on alerts (e.g., reviewing logs and threat intelligence data). Support the Analyst in prioritizing incidents for further analysis, response, or closure.
• Provide specialist knowledge on specific types of attacks. Support Senior Analyst and Analyst in the management of an incident.
• Recommend mitigations for vulnerabilities of operating systems and APIs.Capable of forensics to reverse-engineer malware as well as support Senior Analysts in closing incidents when called upon

Desired Experience:

• Demonstrate understanding of vulnerabilities of operating systems and APIs and recommend mitigations.
• Capable of forensics to reverse-engineer malware as well as support Senior Analysts in closing incidents when called upon.
• Qualifications and Experience
• At least 5 years' experience in Incident Management, SecOps or IT Security
• Experience of reviewing SIEM alerts and responding to them appropriately
• Experience working through cyber investigations independently
• Proven experience of Splunk or Sentinel
• Worked with EDR systems such as Defender or Symantec
• Knowledge of KQL and SPL
• Threat Hunting experience
• Experience working with third-party suppliers and vendors??
• Familiarity with enterprise security controls and security best practices for Windows, Linux, and Mac systems or similar
• Experience of working with and securing Azure & AWZ cloud workloads
• Ideally have experience in:
• AZ-500 or comparable level of knowledge
• CCSP/CCSK ideal but not essential
• CISSP ideal but not essential