SOC Principal- Incident Response

London, United Kingdom

Ekco

We're innovators in security and cloud solutions & management services, designed to drive productivity and scalability.

About Ekco

🚀 Founded in 2016, Ekco is now one of the fastest growing cloud solution providers in Europe!

We specialise in enabling companies to progress along the path of cloud maturity, managing transformation and driving better outcomes from our clients’ existing technology investments.

☁️ In a few words, we take businesses to the cloud and back!

🌍 We have over 1000 highly talented and supportive colleagues (and counting) across a number of regional offices in the UK, Benelux & Ireland.

The role

We are growing our MSS Incident Response function and we are looking for an experienced and highly skilled incident response professional to drive the function forward. This subject matter expert will play a crucial role within the incident response function, leading response and supporting preparedness across our Customer base.

We are looking for a highly skilled Individual who has in-depth subject matter knowledge and experience that can help to mould and drive improvements across the Incident Response function while supporting the wider Managed Security Services teams including SOC and Cyber Threat Intelligence.

Key Responsibilities

Incident Response:

  • Lead Incident Response efforts, providing support to clients across the incident response lifecycle.
  • Responsible for conducting end-to-end live response investigations, root cause and forensic analysis, including timelining and documentation.
  • Conduct preparedness exercises for clients.
  • Lead and support customer engagement activities across SOC and IR operations, supporting customer calls, service improvement, lessons learned and post incident reviews.
  • Develop and maintain appropriate process documentation.
  • Act as a mentor to incident response resource.

SOC Operations:

  • Assist the Head of SOC with day-to-day operations, providing operational support across detection and response services and capabilities to ensure best-in-class service to our clients.
  • Act as a guide and mentor to the SOC operation, serving as an escalation point for complex incidents and leading post-incident reviews.

Wider Responsibilities:

  • Positively contribute to the generation of cyber threat intelligence.
  • Positively contribute to detection engineering efforts.
  • Generate hunting leads for operational teams.
  • Provide expert support and guidance for client incidents handled by SOC teams.

About You

  • Minimum of 5-6 years' proven experience working within MSSP/professional services incident response
  • Strong expertise and understanding in the configuration, deployment and operation of SOC technologies (SIEM, EDR, SOAR, etc.)
  • In-depth expertise in the analysis of logs, artefacts, security events, IOCs, and tactics, techniques and procedures (TTPs)
  • Strong practical knowledge of incident response processes
  • Strong practical knowledge and expertise supporting forensic investigations during complex incident response engagements across multiple technologies and operating systems (Windows, Linux, Unix)
  • Practical experience of IR forensics toolsets – Magnet Axiom, Velociraptor, EnCase, KAPE, etc.
  • Deep understanding of the cyber kill chain and cybersecurity frameworks (e.g., MITRE ATT&CK, NIST, CIS) and threat landscapes
  • Proven ability to handle high-pressure situations, make critical decisions, and manage complex incidents.
  • Excellent communication and interpersonal skills, both verbal and written, to manage stakeholder and client relationships effectively
  • Previous experience of mentoring and developing incident response resource
  • Strong organisational and administrative skills, with attention to detail
  • Good problem-solving abilities with a proactive focus on finding innovative and practical solutions.
  • Ability to work collaboratively in a fast-paced environment

Bonus points if you have:

  • Relevant IR certifications such as CREST (CRIA, CCIM), GIAC (GCIH/GCIA/GCFA), CISSP and CISM are highly desirable.
  • Practical experience of IR forensics toolsets – Magnet Axiom, Velociraptor, EnCase, KAPE, etc.
  • Previous experience creating and delivering cyber incident exercises and simulations for client organisations
  • Malware analysis certifications and experience

Benefits/Perks

  • ☀️ Time off - 25 days leave + public holidays
  • 🎂 x1 day Birthday leave per year
  • 💰 Company Pension Scheme (employer contribution 5%) + flexible salary sacrifice
  • 📞 Employee Assistance Programme (EAP) - access to dedicated mental health, emotional wellbeing and general advice
  • 🏃‍♀️ EkcOlympics - a global activity for fun!
  • 📚 Learning & development - Unlimited access to Pluralsight learning platform
  • 🌱 A lot of responsibilities & opportunities to grow (also internationally)

Why Ekco

  • ⭐️ Microsoft’s 2023 Rising Star Security Partner of the year
  • 🚀 VMware & Veeam top partner status
  • 🏅 Ranked as 4th fastest growing technology company in the Deloitte Fast50 Awards
  • 🌈 Ekco are committed to cultivating an environment that promotes diversity, equality, inclusion and belonging
  • 🎉 We recognise the value of internal mobility and encourage opportunities for internal development & progression
  • ✨ Flexible working with a family-friendly focus is at the core of our company values


Region: Europe
Country: United Kingdom
