Cyber Incident Response Consultant

London, England, United Kingdom

Control Risks

Control Risks is the specialist global risk consultancy that helps organisations succeed in a volatile world.

Thanks to continued growth we are now seeking a Consultant to join our Cyber Incident Response team in London. As the Consultant you will have responsibility for delivering Control Risks' cyber response projects to our clients. This involves undertaking compromise assessments, business email compromise investigations and leading the technical response on complex cases. This role will report to the Associate Director of Cyber Response (Technical) and work closely with the Cyber Crisis Management team. The successful candidate will have an investigative background, a technical skill set and a deep understanding of current and emerging threat actors.

Role tasks and responsibilities

Technical response

  • Leading and assisting with host and network-based investigations. Collaborating with the Digital Forensics Incident Response (DFIR) team to deliver the work you are engaged on.
  • Threat hunting using EDR tooling to evaluate an attacker's spread through a system and network, anticipating and thwarting further attacker activity.
  • Perform live compromise assessments for organisations who suspect a compromise.
  • Detect and hunt unknown live, dormant, and custom malware in memory across multiple systems in an enterprise environment.
  • Assist with commercialising the technology and automation developed to ensure it is fit for purpose.
  • Demonstrate an understanding of both existing and emerging threat actors, as well as experience identifying rapidly changing tools, tactics and procedures of attackers.
  • Work with the Cyber Threat Intelligence team to identify where they could benefit from the technical information acquired during Cyber Response cases. Also identify and implement where threat intelligence can be leveraged through tooling and automation.
  • Advise on the safe technical recovery of an organisation's IT systems, balancing the need to understand what has happened with the need to speed up recovery.

Client Management

  • Ensure tooling and automation developed is customer friendly to deploy and use. Be responsible for any customer queries that arise from the use of the technology and automation.

Reporting

  • Provide situation reports and other significant case related material to the client and the Head of Cyber Response.
  • Provide documentation to the relevant consultants in sufficient time to allow review and feedback, before submitting to a client.

Supporting the growth of the Cyber Response practice

  • Discuss and provide input into Control Risks’ cyber response methodologies and approaches, tailoring the approach to changing market conditions.
  • This role has a requirement to be on call.
  • Identifying potential new areas of growth and opportunity.

Requirements

Essential

  • Proven experience leading investigations of cyber incidents
  • Technical degree or demonstrated knowledge of common networks, software and hardware used in business environments
  • Experience in conducting log analysis and digital forensics following a cyber incident
  • Proven experience in responding to cyber-attacks
  • Demonstrable experience of operating within a Security Operations Centre
  • Fluent in English (written and spoken)
  • Excellent presentation skills
  • Excellent analytical skills

Preferred Qualifications and specialist skills

  • Strong understanding of MITRE ATT&CK techniques / sub-techniques. The ability to articulate TTPs to clients in non-technical terms.
  • Experience in generating Sigma rules for host detection, Snort rules for network detection and YARA signatures for file and memory artefact identification.

Benefits

  • Control Risks offers a competitively positioned compensation and benefits package that is transparent and summarised in the full job offer.
  • We operate a discretionary global bonus scheme that incentivises and rewards individuals based on company and individual performance.
  • Control Risks supports hybrid working arrangements, wherever possible, that emphasise the value of in-person time together - in the office and with our clients - while continuing to support flexible and remote working.
  • As an equal opportunities employer, we encourage suitably qualified applicants from a wide range of backgrounds to apply and join us and are fully committed to equal treatment, free from discrimination, of all candidates throughout our recruitment process.

Tags: Automation DFIR EDR Forensics Incident response Log analysis Malware MITRE ATT&CK Snort Threat intelligence TTPs

Perks/benefits: Flex hours Salary bonus

Region: Europe
Country: United Kingdom
