Senior Incident Response Analyst

Terms: Permanent Location: Cheltenham, Gloucestershire Salary: Up to £75k

CORVID provides advanced and innovative cyber security protection services, using sophisticated means to detect and manage technical security incidents. There is an opportunity for an experienced Incident Response (IR) Technical Lead to join this team.

Key responsibilities

As a senior responder, you will be responsible for monitoring identifiers and suspect activity that indicates a potential security incident. This will make use of intrusion prevention systems, vulnerability scanning tools, and malware forensics. You will be proficient in IR with an understanding of real-world APT tools, tactics, and procedures, and be able to quickly determine the nature of the threat and deliver the appropriate response.

Skills and experience

You will be expected to have:

  • A technical career background in cyber of at least five years
  • Experience in incident response or incident analysis
  • Good awareness of the current threat landscape
  • Familiarity with host forensic artefacts on both Windows and Linux, and their acquisition, processing, and interpretation
  • Ability to undertake forensic analysis of a host to support requirements such as proof of existence and proof of execution
  • Experience with network analysis and network intrusion detection
  • Understanding of firewall rules, Windows and Linux tools for analysing packet capture, netflow, and raw log files such as those generated by firewalls, web servers, and proxies
  • Experience of writing and implementing Snort/Suricata rules
  • Excellent understanding of TCP/IP networking and protocols (including HTTP, SSL/TLS, HTTPS, HTTP/2, DNS, SMTP, IPSEC)
  • Good understanding of modern malware – execution methods, persistence, detection, C2 methods, delivery mechanisms (JavaScript, PowerShell, etc.), and entry points (phishing, drive-by, etc.)
  • Knowledge of analysing artefacts to deduce behaviour of malware in an estate, including methods of entry, evidence of lateral movement, C2/exfiltration analysis, and remediation activities
  • Familiarity with the challenges of processing large volumes of log traffic, including Windows event logs
  • Familiarity with malware dynamic analysis to determine potential malicious intent of samples
  • Some experience with static analysis and reverse-engineering of samples and C2 protocols
  • Ability to innovate malware hunting methods
  • General technical analysis and data correlation skills
  • Familiarity with Elastic, Splunk, or similar would be beneficial
  • Understanding of vulnerabilities and vulnerability detection
  • Ability to launch and interpret network vulnerability scans, web scans, and port scans
  • Good communication, reporting, and analytical skills
  • Ability to produce and to review reports
  • Proven experience with scripting/programming languages
  • Ability to commit to small development projects (for example, in C or C++) as well as ad-hoc scripting (for example, in Python)
  • Ability to work in and perform system administration skills using Windows and Linux
  • Mentoring and teamworking skills – ability to mentor as well as to learn from other team members
  • Ability to review peer incident notes and reports

How to apply

To apply for this role, please visit the main Ultra application site.

Apply now