
IBM IBM X-Force Principal Incident Response Consultant 
United Kingdom, England, London 
977280053

24.06.2024
Our preferred candidate must be a resident of the United Kingdom (living and working here) and currently hold, or be able to obtain within six months, a UK government SC-level clearance. This hiring position does not offer sponsorship.

Your Role and Responsibilities

  • Knowledge of processes for collecting, packaging, transporting, and storing electronic evidence while maintaining chain of custody.
  • Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
  • Knowledge of cloud service models (e.g., IaaS, PaaS and SaaS) and how those models can limit digital forensics and incident response.
  • Knowledge of malware analysis concepts and methodologies.
  • Knowledge of adversarial tactics, techniques, and procedures.
  • Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, SQL injection, race conditions, covert channel, replay, return-oriented attacks, malicious code).
  • Relevant industry certifications (e.g., GCFE, GCFA, CISSP).

  • Skill in identifying, capturing, containing, and reporting malware.
  • Skill in recognizing and categorizing types of vulnerabilities and associated attacks.
  • Skill in using endpoint detection and response (EDR) tools (e.g., CrowdStrike, Cortex, Carbon Black) to detect and respond to security incidents at scale.
  • Skill in using log management and event correlation tools (e.g., Splunk, ELK, QRadar).
  • Skill in analyzing memory dumps to extract information.
  • Skill in using forensic tool suites (e.g., X-Ways, EnCase, Sleuthkit, FTK).
  • Skill in recognizing and interpreting malicious activity within network evidence sources.
  • Skill in conducting forensic analyses across multiple operating system platforms (e.g., Windows, Linux, macOS).
  • Skill in preparing written reports and oral presentations for technical, executive, and legal audiences.
  • Skill in Cyber Crisis Management (aka Incident Command) for large, complex cyber security incidents across a global base of mostly large enterprise clients.

Essential

  • Experience in Cyber Crisis Management (aka Incident Command) roles that required the ability to convey complex technical matters to non-security audiences (e.g., client executives and legal teams).
  • Demonstrable level of experience conducting incident response investigations.
  • Considerable experience leading incident response investigations, from triage/kickoff through to post-incident remediation.
  • Prior experience in a client-facing Incident Response consultancy role.

Preferred

  • Adequate level of experience in Cyber Crisis Management (aka Incident Command) roles that required the ability to convey complex technical matters to non-security audiences (e.g., client executives and legal teams).
  • High proficiency and skilled experience conducting incident response investigations.
  • High proficiency and skilled experience in IT and/or information security.