IBM IBM X-Force Principal Incident Response Consultant 

United Kingdom, England, London 

977280053

Our preferred candidate must be a resident of the United Kingdom * lives and works here and currently holds (or be able to obtain within six months) a UK government SC-level clearance. This hiring position does not offer sponsorship.Your Role and Responsibilities

• Knowledge of processes for collecting, packaging, transporting, and storing electronic evidence while maintaining chain of custody.
• Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
• Knowledge of cloud service models (e.g., IaaS, PaaS and SaaS) and how those models can limit digital forensics and incident response.
• Knowledge of malware analysis concepts and methodologies.
• Knowledge of adversarial tactics, techniques, and procedures.
• Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, SQL injection, race conditions, covert channel, replay, return-oriented attacks, malicious code).
• Relevant industry certifications (e.g., GCFE, GCFA, CISSP, etc.)

• Skill in identifying, capturing, containing, and reporting malware.
• Skill in recognizing and categorizing types of vulnerabilities and associated attacks.
• Skill in using endpoint detection and response (EDR) tools (e.g., Crowdstrike, Cortex, Carbon Black) to detect and respond to security incidents at scale.
• Skill in using log management and event correlation tools (e.g., Splunk, ELK, QRadar).
• Skill in analyzing memory dumps to extract information.
• Skill in using forensic tool suites (e.g., X-Ways, EnCase, Sleuthkit, FTK).
• Skill in recognizing and interpreting malicious activity within network evidence sources.
• Skill in conducting forensic analyses across multiple operating system platforms (e.g., Windows, Linux, macOS).
• Skill in preparing written reports and oral presentations for technical, executive, and legal audiences.
• Skill in Cyber Crisis Management (aka Incident Command) for large, complex cyber security incidents across a global base of mostly large enterprise clients.Essential

• Experience in Cyber Crisis Management (aka Incident Command) roles that required the ability to convey complex technical matters to non-security audiences (e.g., client executives and legal teams).
• Demonstrable level of experience conducting incident response investigations.
• Considerable experience leading incident response investigations, from triage/kickoff through to post-incident remediation.
• Prior experience in a client-facing Incident Response consultancy role.

Preferred

• Adequate level of experience in Cyber Crisis Management (aka Incident Command) roles that required the ability to convey complex technical matters to non-security audiences (e.g., client executives and legal teams).
• High Proficiency and skilled experience conducting incident response investigations.
• High Proficiency and skilled experience of IT and/or information security experience.