Key responsibilities:

As a senior responder, you will be responsible for monitoring identifiers and suspect activity that indicates a potential security incident. This will make use of intrusion prevention systems, vulnerability scanning tools, and malware forensics. You will be proficient in IR with an understanding of real-world APT tools, tactics, and procedures, and be able to quickly determine the nature of the threat and deliver the appropriate response.

You will be expected to have:

• A technical career background in cyber of at least five years
• Experience in incident response or incident analysis
• Good awareness of the current threat landscape
• Familiarity with host forensic artefacts on both Windows and Linux, and their acquisition, processing, and interpretation
• Ability to undertake forensic analysis of a host to support requirements such as proof of existence and proof of execution
• Experience with network analysis and network intrusion detection
• Understanding of firewall rules, Windows and Linux tools for analysing packet capture, netflow, and raw log files such as those generated by firewalls, web servers, and proxies
• Experience of writing and implementing Snort/Suricata rules.
• Excellent understanding of TCP/IP networking and protocols (including HTTP, SSL/TLS, HTTPS, HTTP/2, DNS, SMTP, IPSEC)
• Good understanding of modern malware - execution methods, persistence, detection, C2 methods, delivery mechanisms (JavaScript, PowerShell, etc.), and entry points (phishing, drive-by, etc.)
• Knowledge of analysing artefacts to deduce behaviour of malware in an estate, including methods of entry, evidence of lateral movement, C2/exfiltration analysis, and remediation activities
• Familiarity with the challenges of processing large volumes of log traffic, including Windows event logs
• Familiarity with malware dynamic analysis to determine potential malicious intent of samples
• Some experience with static analysis and reverse-engineering of samples and C2 protocols
• Ability to innovate malware hunting methods
• General technical analysis and data correlation skills
• Familiarity with Elastic, Splunk, or similar would be beneficial
• Understanding of vulnerabilities and vulnerability detection
• Ability to launch and interpret network vulnerability scans, web scans, and port scans
• Good communication, reporting, and analytical skills
• Ability to produce and to review reports
• Proven experience with scripting/programming languages
• Ability to commit to small development projects (for example, in C or C++) as well as ad-hoc scripting (for example, in Python)
• Ability to work in and perform system administration skills using Windows and Linux
• Mentoring and team-working skills - ability to mentor as well as to learn from other team members
• Ability to review peer incident notes and reports

If you are interested in this role or similar others, please send us a copy of your CV and one of our consultants will get in touch as soon as possible.

Matchtech acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers and is part of Gattaca Plc.

Gattaca Plc provides support services to Matchtech and may assist with processing your application.