Incident Response Manager - London, United Kingdom - NonStop Consulting Ltd

NonStop Consulting Ltd

Verified Company

London, United Kingdom

3 weeks ago

Posted by:

Tom O´Connor

beBee Recruiter

Description

Responsibilities

Manage and coordinate cyber security incidents for clients working closely with the team lead.
Digital forensics of relevant incident data (disk, volatile memory, network packets, log files).
Provide an up to date view of the cyber threat, and advise clients on relevant threats and improve incident response capabilities
Develop in house cyberresponse tools
Access incident response capability maturity.
Project management of engagements to deliver high quality work
Engagement and risk management

Qualifications

Excellent communication skills (both written and oral) and project management skills.
Strong IT and network skills knowledge of common enterprise technologies
Windows and Windows Active Directory, Linux, Cisco, etc.
Working programming skillset to be able to author and develop tools written in Python, but we accept other languages.
Technical proficiency in at least one of these areas: network security/traffic/log analysis; Linux and/or Mac/Unix operating system forensics; Linux/Unix disk forensics (ext2/3/4, HFS+, and/or APFS file systems), advanced memory forensics, static and dynamicmalware analysis / reverse engineering, advanced mobile device forensics
Advanced experience in industry computer forensic tools such as X-Ways, EnCase, FTK, Internet Evidence Finder (IEF) / AXIOM, TZWorks, and/or Cellebrite
Advanced experience in preservation of digital evidence (including experience preserving cloud data and handling encryption such as BitLocker, FileVault, and/or LUKS)
Experience with and understanding of enterprise Windows security controls

- (preferred) General information security certificates such CISSP, CISM or CISA.
- (preferred) Incident management certifications such as:

CREST certified incident manager (CCIM).
GIAC Certified Incident Handler (GCIH)

- (preferred) Digital forensics certificates such as:

CREST certified registered intrusion analyst (CRIA),
CREST certified network intrusion analyst (CCNIA),
CREST certified host intrusion analyst (CCHIA),
CREST certified malware reverse engineer (CCMRE),
GIAC Certified (Network) Forensic Analyst (GCFA, GNFA)

- (preferred) A current government security

This position is well suited for an individual with 3 to 5 years of experience in cyber-security and incident response

For example:
a very common type of incident is ransomware on a single workstation/laptop. You should be able to guide a client througha structured incident response process - triage, containment, eradication and recovery.

If you are provided with forensic data such as:

disk image, memory image and network data capture or proxy logs, you should be able to identify malware artefacts, sourceof infection and use online research to identify malware family.

If this role is not quite right for you but you would like to have a conversation about other roles, please search and connect with me, Cody Murphy, on LinkedIn.