Cyber Security Incident Response & Management

Home / Apply / Cyber Security Incident Response & Management

Published: 13th January 2021

ROLE OVERVIEW

At Quorum Cyber we believe in helping good people win. Founded in Edinburgh in 2016, we are growing a team of passionate people providing professional and managed cyber security services to organisations worldwide.

We currently have an opportunity for an exceptional individual to join our professional services team, focusing on cyber security incident response and management.

Job Purpose

The purpose of the role is to help customers effectively respond to and manage cyber-security incidents, ranging from compromise assessments, to live incident response and digital forensics.

The successful candidate will demonstrate a strong technical background, experience in incident response and a passion for defending Customers against cyber-attacks.

You will be able to guide a client through a structured process – triage, containment, eradication and recovery. If provided with forensic data such as disk images, memory images and network logs, the successful candidate should be able to pull the pieces of the puzzle together, understand the extent of an attack, identify malware artefacts, source of infection, and articulate the actions taken by threat actors on a clear timeline of events.

In addition to responding to incidents, you will help our clients build or strengthen their internal incident response capabilities, from assessing their current incident response maturity to assisting them to develop processes and tools, authoring runbooks/playbooks, and wargaming cyber-scenario exercises.

Finally the role will also include the ability to work with and mentor junior team members, as you develop and grow the capability internally in Quorum Cyber, with an opportunity to quickly grow into Team Leadership and Management positions.

Responsibilities:

  • Respond, manage and co-ordinate cyber security incidents.
  • Digital forensics of relevant incident data (disk, volatile memory, network captures, log files).
  • Maintain a current view of the cyber threat landscape and advise on relevant threats and attacks.
  • Assess and improve Customer incident response capability maturity.
  • Project management of engagements to deliver high quality work in a timely manner.

Skills & Qualities

Required Skills and Experience:

Candidates should possess:

A broad understanding of the cyber security threat landscape.

  • Strong technical background in cyber security across endpoints and networks.
  • Experience of dealing with cyber security incidents.
  • Experience of being part of an incident response team, either holding a formal role, or being able to evidence your personal contribution to the team.
  • Understanding of a wide range of information security and IT methodologies, principles, technologies and techniques.

Qualifications & Skills:

Excellent communication skills (both written and oral) and incident/project management skills.

  • Strong IT and network skills – knowledge of common enterprise technologies – Microsoft Office365, Microsoft Azure, Windows Active Directory, Linux, Cisco, AWS, GCP, etc.
  • Technical proficiency in at least one of these areas: network security/traffic/log analysis; Linux and/or Mac/Unix operating system forensics; Linux/Unix disk forensics (ext2/3/4, HFS+, and/or APFS file systems), advanced memory forensics, static and dynamic malware analysis / reverse engineering, advanced mobile device forensics
  • Advanced experience in preservation of digital evidence (including experience preserving cloud data and handling encryption such as BitLocker, FileVault, and/or LUKS)
  • (Preferred) Degree level qualified, MSc in Information Security, IT or relevant STEM subjects.
  • (Preferred) General information security certificates such CISSP, CISM or CISA.
  • (Preferred) Incident management certifications such as:
    • CREST certified incident manager (CCIM)
    • GIAC Certified Incident Handler (GCIH)
  • (Preferred) Digital forensics certificates such as:
    • CREST certified registered intrusion analyst (CRIA)
    • CREST certified network intrusion analyst (CCNIA)
    • CREST certified host intrusion analyst (CCHIA)
    • CREST certified malware reverse engineer (CCMRE)
    • GIAC Certified (Network) Forensic Analyst (GCFA, GNFA)

Above all, we are looking for someone who is passionate about helping our clients with their cyber security challenges, often at a time of critical need. In return, we are committed to helping you to enjoy the role and develop your skills and career within Quorum Cyber.

What we can offer you

  • A dynamic entrepreneurial environment
  • Unlimited Holiday
  • Flexible working schedule
  • Pension Scheme
  • Private Medical cover
  • The right mix of challenges, learning and development opportunities
  • Support to attend events and training where beneficial to you in your role at Quorum Cyber

Process 

Our approach and style are professional and polished, yet down to earth.  Whilst challenging, we hope the process will be as engaging and insightful for you as it will be for us.

Individuals seeking employment must note we see diversity as vital – creating a better workplace that delivers better outcomes. So, we are keen to maximise the diversity of the workforce and actively encourage applications from anyone and everyone.

In the first instance please submit your CV to our Talent Manager at [email protected]