Digital Forensics & Incident Response Analyst

Maersk
Maidenhead
3 weeks ago
Applications closed

Related Jobs

View all jobs

Cyber Security Analyst

Security Engineer

SOC Manager

Senior Security Engineer

Technical Security Analyst

Cyber Security Incident Response Team (CSIRT) Specialist

Join Maersk’s Groundbreaking Cyber Team: Redefining Incident Management & Response

Imagine a career where you're not just responding to security incidents—you’re revolutionising how it’s done. At Maersk, one of the world’s largest and most respected logistics and shipping companies, our Cyber team is pioneering a whole new approach to incident response. This isn’t your typical DFIR role: our combined fire team approach is built on cutting-edge research and designed to drive change, resilience, and agility in ways the industry has never seen before.

Here, you’ll be part of a dynamic team that works together to defend, adapt, and innovate with freedom and purpose.

You won’t just work on Digital Forensics, you’ll help improve how it’s done. Dive into purple teaming, create and refine world-class detections, shape change projects, and push the boundaries of what’s possible—all during the workday with no overnight shifts. Plus, we champion continuous learning and growth through Capture the Flag (CTF) exercises and direct opportunities to bring your ideas to life.

Are you ready to be part of something transformational at Maersk and join a team that’s setting a new standard in cybersecurity?

  • Join a World-Class Cyber Team: Be part of an elite cyber operation at one of the globe’s most renowned logistics companies, where your contributions truly make a difference.
  • Further develop forensic capabilities in Traditional and modern cloud, OT and AI driven space.
  • Conduct threat hunting by analysing data to identify existing threats on the network and support proactive content analysis.
  • Support the continuous improvement of Maersk’s capability to detect and respond to incidents by collaborating with other teams across Cyber Operations.
  • Work on key Cyber Security uplift projects, representing the Respond delivering results and embedding new capabilities into BAU.
  • Provide an out-of-hours incident on-call technical/forensic response on a rota basis.
  • Provide detailed forensic RCA to key stakeholders, supporting Cyber Security Incident team during deep dive investigations and PIR.
  • Fulfil a key role within the Incident Management team to support Senior Technical Leads in investigation, resolution and recovery objectives.
  • Support the 24/7 team when required in monitoring security alert feeds to detect, triage and investigate security events and classify them as incidents where appropriate.

Key responsibilities

  • Provide detailed forensic RCA to key stakeholders, supporting Cyber Security Incident team during deep dive investigations and PIR.
  • Further develop forensic capabilities in Traditional and modern cloud, OT and AI driven space.
  • Conduct threat hunting by analysing data to identify existing threats on the network and support proactive content analysis.
  • Support the continuous improvement of Maersk’s capability to detect and respond to incidents by collaborating with other teams across Cyber Operations.
  • Work on key Cyber Security uplift projects, representing the Respond delivering results and embedding new capabilities into BAU.
  • Provide an out-of-hours incident on-call technical/forensic response on a rota basis.
  • Fulfil a key role within the Incident Management team to support Senior Technical Leads in investigation, resolution and recovery objectives.
  • Support the 24/7 team when required in monitoring security alert feeds to detect, triage and investigate security events and classify them as incidents where appropriate.

Services Overseen

Rotation around the following:

  • Protective Systems Monitoring
  • Malicious Compromise Forensic investigation
  • Threat & Behavioural Analytics
  • Threat Hunting
  • Security Incident Management
  • Project Engagement and Delivery
  • Strategic Planning Input to evolve Forensics Capability

Required experience & skills

  • Technical Forensic capability across Endpoint, Cloud and Operational Technology (OT) infrastructure.
  • Experience in conducting Digital Forensic investigations for Windows and Linux operating systems, preferably at Enterprise scale.
  • Excellent Digital Forensic knowledge including Event Log analysis, Registry, Browser based artefacts and knowledge of various File Systems as well as where to find evidence of access, execution and lateral movement.
  • The ability to learn a previously unknown artefact and to actively apply this knowledge to an ongoing investigation.
  • Investigation skills to expose Persistence mechanisms and File-less techniques in Windows, Linux, MacOS.
  • Conduct thorough host and network investigations to analyse and highlight ways to mitigate malicious activities.
  • Hands on exposure to memory forensic investigations (preferred but not essential).
  • Knowledge around Cloud based Digital Forensics key artefacts and best practice.
  • Good knowledge of Digital Forensic tooling such as X-Ways, EnCase, Autopsy, TimeSketch, Plaso.
  • Outstanding critical reasoning and problem-solving skills.
  • Excellent written and verbal communication skills and able to be understood by both technical and non-technical stakeholders.
  • Stakeholder management and interpersonal skills (at both a technical and non-technical level).
  • Ability to provide rapid and concise summaries of complex situations.
  • Ability to work under pressure and autonomously or under general direction as required.
  • Ability to manage conflicting priorities and multiple tasks.
  • The role holder will have proven experience working in a Security Operations Centre (SOC) and/or Computer Emergency Response Team (CERT) within a team of other analysts and engineers.
  • Experience in Threat Hunting.
  • Experience in Incident Response (preferred but not essential).
  • Excellent knowledge of typical security devices such as SIEM, firewalls, etc.
  • Experience of working in fast-paced, high-pressure environments.
  • Previous project engagement and execution of delivery.
  • Contribute to cyber incident Response management and engage in the CSIRT process for high-priority incidents.
  • Serve as an escalation point for junior analysts.
  • Deliver exceptional quality in Incident Response.

Soft Skills:

  • Operations Management & Issue Resolution: Ensure smooth operations and continuity by proactively identifying and addressing operational issues, team dynamics, and inefficiencies in ticket handling.
  • Report Writing:Ability to write reports that convey highly technical information whilst remaining accessible to a non-technical audience (including at executive level).
  • Communication:Exhibit excellent written/verbal communication skills, with the ability to develop documentation and explain technical details in a concise manner.
  • Mentorship:Training and guiding junior team members, promoting a culture of knowledge sharing and continuous learning.
  • Critical Thinking, Adaptability & Problem-Solving:Demonstrate strong analytical skills and flexibility to adapt to changing priorities and emerging cybersecurity threats while effectively solving problems.
  • Time Management & Organization:Prioritize tasks efficiently and maintain organized documentation and processes to enhance team productivity.
  • Teamwork & Positive Attitude:Foster a collaborative environment where team members feel supported, practicing active listening, motivating the team, and maintaining a positive demeanour, especially in high-pressure situations.

Qualifications

  • Minimum of 5+ years in a SOC/forensics role.
  • Relevant advanced certifications (e.g., GCIA, GSEC, CEH, GCDA, GCIH, GCFA) are highly desirable but not essential.
  • Proven self-learning abilities demonstrated through research, GitHub projects, bug hunting, active participation in public cybersecurity forums, or high scores on platforms like HTB, Immersive Labs, TryHackMe, and SANS CTF.

Benefits of working with us

  • Flexible working arrangement:Remote working with occasional in person team building activities.
  • Collaborative Culture:Experience a supportive and inclusive work environment that values teamwork and innovation. We believe in open communication and knowledge sharing, ensuring that every team member feels empowered and valued.
  • Work-Life Balance:We understand the importance of maintaining a healthy work-life balance. Our flexible working arrangements and supportive policies enable you to excel in your role while enjoying your personal life.

#J-18808-Ljbffr

Get the latest insights and jobs direct. Sign up for our newsletter.

By subscribing you agree to our privacy policy and terms of service.

Industry Insights

Discover insightful articles, industry insights, expert tips, and curated resources.

Portfolio Projects That Get You Hired for Cyber Security Jobs (With Real GitHub Examples)

With rising cyber threats and increasingly sophisticated attacks, cyber security has become a critical priority for organisations worldwide. From penetration testers (pentesters) and SOC analysts to cloud security engineers and threat intelligence specialists, the demand for skilled cyber security professionals continues to surge. But how do you stand out in a growing field? Alongside your CV, an impressive cyber security portfolio can be the distinguishing factor that convinces employers you’re the right fit. In this comprehensive guide, you’ll discover: Why a cyber security portfolio is essential for job seekers in this domain. How to align portfolio projects with different cyber security career paths. Real GitHub examples that demonstrate best practices in security-focused projects. Actionable project ideas you can start today, from penetration testing labs to blue-team detection pipelines. Best practices for organising your repos and presenting your work so hiring managers can instantly see your impact. When you’re ready to pursue your next opportunity, remember to upload your CV on CyberSecurityJobs.tech. Our specialised platform connects talented security professionals with employers who need your expertise—exactly what your portfolio will showcase.

Cyber Security Job Interview Warm‑Up: 30 Real Coding & System‑Design Questions

The need for skilled cyber security professionals has never been greater. As organisations rapidly digitise their operations and store increasing amounts of sensitive data online, cyber threats loom large—ranging from sophisticated ransomware attacks to insider threats and state‑sponsored espionage. Against this backdrop, cyber security jobs remain some of the most in‑demand and mission‑critical roles on the market. If you’re preparing for a cyber security interview, expect to be tested on a broad spectrum of topics—from secure coding and incident response to network security architecture and compliance standards. In many cases, companies also include problem‑solving exercises and system design scenarios to gauge how well you can apply theoretical knowledge to real‑world threats. To help you ace these assessments, we’ve compiled 30 real coding & system‑design questions you might encounter. Each reflects a key area of cyber security—whether it’s encryption and key management, threat modelling, or designing a zero‑trust network. Along the way, we’ll offer insights and best practices so you can stand out from the crowd. If you’re on the lookout for exciting cyber security roles in the UK, head to www.cybersecurityjobs.tech. There, you’ll discover a range of positions—covering everything from penetration testing and threat intelligence to compliance management and security operations. Let’s dive into the essentials of interview readiness.

Negotiating Your Cybersecurity Job Offer: Equity, Bonuses & Perks Explained

How to Secure Compensation That Reflects Your Value in the UK’s High-Stakes Cybersecurity Sector Introduction As cyber threats grow more sophisticated and frequent, cybersecurity professionals have never been more in demand. From thwarting ransomware attacks to architecting secure cloud infrastructures, mid‑senior cybersecurity experts play a critical role in safeguarding a company’s data and reputation. Thanks to this growing reliance on cybersecurity, employers in the UK are going above and beyond simple salary offers to attract the top echelon of talent. Although base salary remains a key component of any job offer, the broader package—encompassing equity, bonuses, and perks—can often surpass what you’d gain from a small bump in monthly pay. For cybersecurity specialists working in areas such as threat intelligence, incident response, penetration testing, or compliance, the complexity and risk mitigation you bring to the table is massive. Knowing how to negotiate the entire package ensures you are duly rewarded for keeping an organisation’s data, assets, and operations safe. In this guide, we’ll delve into every aspect of negotiating a cybersecurity job offer. Whether you’re pivoting to a mid‑senior role or cementing your expertise at an established security consultancy, understanding the full range of compensation elements will help you secure an offer that acknowledges the criticality of what you do. Let’s explore equity options, performance bonuses, and the perks that matter most, so you can come out of your next job negotiation confident that you’re getting more than just a salary.