The I&R team is currently looking for an experienced and highly motivated problem solver to act as a network forensic analyst and incident responder in the United Kingdom to process and mitigate cyber threat actor activity as part of a high performing, high profile team of information security and CI professionals. Adaptability, creativity, a commitment to mission, self-direction, and strong written/verbal communication skills are essential.
Key responsibilities
- Perform analytic and network forensic duties including:
  - Cyber security monitoring
  - Host- and network-based log analysis
  - Correlation of network threat indicators and PCAP data
  - Analytical triage and prioritisation of concurrent incidents
  - Incident response (both intrusion and privacy related)
  - Incident timeline generation
  - Root cause analysis and remediation
  - Detailed written reporting of incident investigations
- Define and recommend security policy changes to security devices such as firewalls, proxies, email gateways, Intrusion Detection/Prevention Systems, end-point application whitelisting and anti-virus solutions, and Data Loss Prevention solutions
- Perform host-based cyber forensics investigations (including live memory and system image acquisition, maintaining chain-of-custody, producing investigative reports) in support of data recovery, Incident Response, HR/Ethics employee investigations, Insider Threat investigations, and Legal/litigation cases as needed
- Conduct cyber-threat trend analysis and reporting, and devise pro-active mitigations to reduce risk
- Collaborate with I&R and Strategic Counterintelligence (CI) analysts worldwide to co-ordinate a multi-tiered approach to cyber threat mitigation and tracking of trends which will result in the denial of current and future adversary actions
- Perform malware analysis to determine and mitigate against adversary tactics, techniques, and procedures, and undertake or assist with reverse engineering of adversary tools
- Execute cyber-threat hunting, vulnerability scanning, and penetration testing (as needed)
- Support and participate in cyber exercises; identify capability and process gaps; recommend improvements
- Generate custom scripting and coding to facilitate effective processing of cyber threat related indicators and data
- Carry out cyber-threat intelligence and counter-intelligence missions as a key component of the analytic role, including Cyber Kill Chain reconstruction, identification/analysis/mitigation of adversary infrastructure and avenues of approach, and research on adversary attribution and intentions
- Provide security consulting and briefing support to company leadership in the areas of policy, cyber threats, cyber exercises, network security infrastructure/products
- Assist in security architecture planning, design and testing of new technologies and capabilities to optimise security posture and cost effectiveness as needed
- Assist in cyber security-related business development efforts, to include program capture efforts, proposal strategy and planning, resource assessments, and direct-charge program SOC support as needed
- Establish and maintain positive working relationships with corporate network security stakeholders in EMEA and the U.S., as well as U.K. government/defence points of contact as necessary
- Produce high-quality written threat activity highlights and monthly summary reports to be incorporated into summaries for highest level corporate leadership dissemination
- Support production of cyber-threat educational material for employees
General Operational duties
- Attend Security department meetings and EMEA strategy working groups as required
- Remain compliant with all applicable Security/Information Security processes and procedures
- Support the EMEA Security Manager in maintaining and advancing a fit-for-purpose I&R capability in the UK
Essential Criteria:
- Bachelor’s degree or equivalent in a Computer Science/Engineering related field
- Significant experience in the analysis of network communication protocols at all layers of the OSI model
- Extensive experience in an analytical role focused primarily on network forensic analysis
- Experience with Splunk security information and event management (SIEM) solution
- Evidenced experience of conducting analysis of electronic media, log data, and network devices in support of intrusion analysis or enterprise level information security operations
- Track record of using two or more enterprise level perimeter or endpoint security products
- Significant experience of large data sets and high-performance computing systems in a high threat environment
- Experienced in applying and developing cyber threat intelligence methodologies
- Hold one or more of the following technical certifications (or equivalent):
  - GIAC Certified Incident Handler (GCIH) / GIAC Certified Intrusion Analyst (GCIA)
  - GIAC Certified Forensic Analyst (GCFA) / GIAC Certified Forensic Examiner (GCFE)
  - GIAC Network Forensic Analyst (GNFA)
  - Certified Computer Forensic Examiner (CCFE)
  - GIAC Reverse Engineering Malware (GREM)
  - GIAC Certified Penetration Tester (GPEN)
  - GIAC Cyber Threat Intelligence (GCTI)
  - Splunk Core Certified
  - Certified Information Systems Security Professional (CISSP)
  - EnCase Certified Examiner (EnCe)
  - Certified Ethical Hacker (CEH)
  - Offensive Security Certified Professional (OSCP)
It would be beneficial if you had:
- Familiarity with current information security threats facing aerospace defence contractors or Government systems
- Knowledge/experience of ISO20000 & ISO27001
- Previous experience performing Red/Blue Team activities
Additional Information:
- Looking for flexibility? Speak to us at application stage about what may be possible.
- Applicants will be required to hold and maintain UK Government Security Clearance