Incident Response Analyst

Social network you want to login/join with:
Pentest People is a UK-based security consultancy specialising in providing Penetration Testing as a Service to all its clients. Our innovative approach to security testing merges the benefits of consultant-led penetration testing with ongoing vulnerability assurance through our advanced SecurePortal. This provides clients with a continuous, living threat management system throughout the duration of the contract, rather than a single point-in-time assessment.
We’re expanding our Incident Response team and looking for a Incident Response Analyst to join us in tackling some of the most challenging cybersecurity threats. The role requires analytic thinking, problem solving skills and the ability to work in a fast-paced environment.
As part of our dynamic team, you will play a critical role in reducing the impact of cyberattacks and enchanting our clients security posture to prevent future attacks.
Key responsibilities include:
Conducting initial incident assessments and contribute to Incident Response management.
Participate in live Incident Response operations including digital forensics.
Perform security assessments, threat intelligence gathering and OSINT analysis.
Collaborating with other departments to facilitate a holistic cybersecurity service.
Engaging with clients on day-to-day basis and getting access to relevant logs and access to clients infrastructure for performing digital forensics.
Document incidents thoroughly, including timelines, affected systems, actions taken, and recommendations for future improvements.
Prepare comprehensive reports for clients.
Technical skills:
Demonstrated experience in responding to and investigating incidents whilst utilizing various monitoring, detection and investigation tooling – SIEM, SOAR, EDR etc.
Proficiency in log analysis of Networking, Windows, Mac and Linux and Cloud.
Understanding of evidence collection process based on priority.
Strong understanding of incident response following NIST 800-61 guidelines incorporating containment, eradication and recovery phases.
Experience with digital forensics and investigations, including evidence collection and chain-of-custody protocols.
Should have an understanding of tabletop exercises, and IR planning.
Should have an understanding of Technical Frameworks such as MITRE Attack, Lockheed Martin kill chain or Diamond model.
Should be able to perform dynamic malware analysis.
Qualifications:
Certifications such as ECIH, Security +, BTL1, Cysa+, SC-200 are good to have
Knowledge of open-source IR tools, such as Velociraptor, Eric Zimmerman Tools, Chainsaw, Volatility, SOF-elk, DFIR IRIS.
Experience in python or bash or Go.
About you:
Experience in managing stakeholders during live incidents to minimise impacts.
Strong communication skills, with the ability to manage and coordinate various incidents whilst remaining calm under pressure.
Ability to align client deliverables with industry best practices.
Experience in threat intelligence and analysis to support proactive IR.
Capable of taking ownership of tasks, ensuring quality delivery and supporting the IR's team growth.
While this role is advertised as remote, it will require occasional visits to client sites and the office as needed. Candidates must be based in the UK and have the right to work, as we are unable to provide sponsorship at this time. If you do not have SC eligibility, you must meet the requirements for SC, as this may be a necessary criterion.
We understand that job descriptions offer only a glimpse of the role. For more details, please feel free to reach out or apply, and we will be happy to provide additional information. Pentest People is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.

#J-18808-Ljbffr