
Cyberark Incident Response Senior Consultant 
United Kingdom 
713929170

14.04.2025

Responsibilities:

  • Investigate and analyze incidents with EDR systems to respond to ongoing security incidents in real time.
  • Develop Incident Response initiatives that improve our ability to respond to and remediate security incidents effectively.
  • Trace malware activity and patterns, and understand how to remove malware non-destructively.
  • Recognize attacker Tools, Tactics, and Procedures (TTPs) and Indicators of Compromise (IOCs), and apply them to future incident response events.
  • Analyze binary files to determine their legitimacy and extract IOCs where possible.
  • Conduct forensic examinations on physical devices and perform analyses on live and collected memory.
  • Create and refine detection and incident response playbooks.
  • Collaborate with internal and customer teams to investigate and contain incidents.
  • Produce high-quality written reports, presentations, and recommendations for key stakeholders, including customer leadership and legal counsel.
  • Establish a collaborative environment for sharing data on machine timelines and suspicious events.
  • Create operational metrics, key performance indicators (KPIs), and service level objectives to measure team competence.

Qualifications:

  • 4+ years’ experience working with incident investigations and containment procedures.
  • 4+ years’ experience with network, disk, memory, and cloud forensics.
  • Minimum 1 year of experience leading Incident Response investigations and performing the following: network/log forensics, malware analysis, disk forensics, and memory forensics.
  • Excellent time and project management skills with strong written and verbal communication abilities, capable of creating clear documentation and conveying complex technical concepts concisely.
  • Skilled in building and maintaining effective relationships with customers, managing expectations, and ensuring seamless collaboration to achieve shared objectives.
  • Experienced in deploying software within customer environments using tools such as Intune, SCCM, GPO, AWS Systems Manager, Azure Automation, Ansible, Puppet, JAMF, and scripts.

Experienced with the following:

  • EDRs such as CrowdStrike Falcon, SentinelOne, and MDE.
  • Leading projects and debriefing customers.
  • Creating and modifying scripts.
  • Enterprise security architecture and security controls.
  • Cloud incidents and forensic responses.
  • Malware triage analysis and disk or memory forensics for Windows, macOS, or Linux.
  • Software deployment tools such as Intune, Jamf, Ansible, Puppet, SCCM, GPO, and AWS Systems Manager.

Preferred experience:

  • Familiarity with log collection and analysis tools such as Splunk, Kibana, or the ELK Stack.

Preferred certifications:

  • GCIH, GCFA, GNFA, GREM, GCIA, CREST CPIA, CREST CFIA, CFCE, CEH, etc.