Introduction
As a Principal Incident Response Consultant at IBM X-Force Incident Response, you will be responsible for managing and coordinating major cyber incidents across our clients' enterprise environments. During a major cyber incident, Principal IR Consultants are responsible to ensure all relevant stakeholders are kept informed, engagement objectives are met or exceeded, and coordinate and lead junior consultants in the response effort. A Principal Incident Response Consultant can communicate effectively with client executives, technical teams, counsel and other stakeholders to deliver excellence in responding to and resolving incidents. You are expected to be both a technical expert but also able to communicate the salient points of interest to a diverse body of stakeholders, many of whom will not have a technical background.
Want more jobs like this?
Get Data and Analytics jobs in London, United Kingdom delivered to your inbox every week.
Our preferred candidate must be a resident of the United Kingdom * lives and works here and currently holds (or be able to obtain within six months) a UK government SC-level clearance. This hiring position does not offer sponsorship.
Your Role and Responsibilities
Knowledge
- Knowledge of processes for collecting, packaging, transporting, and storing electronic evidence while maintaining chain of custody.
- Knowledge of cyber attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks).
- Knowledge of cloud service models (e.g., IaaS, PaaS and SaaS) and how those models can limit digital forensics and incident response.
- Knowledge of malware analysis concepts and methodologies.
- Knowledge of adversarial tactics, techniques, and procedures.
- Knowledge of system and application security threats and vulnerabilities (e.g., buffer overflow, mobile code, cross-site scripting, SQL injection, race conditions, covert channel, replay, return-oriented attacks, malicious code).
- Relevant industry certifications (e.g., GCFE, GCFA, CISSP, etc.)
Required Technical and Professional Expertise
• Skill in identifying, capturing, containing, and reporting malware.
• Skill in recognizing and categorizing types of vulnerabilities and associated attacks.
• Skill in using endpoint detection and response (EDR) tools (e.g., Crowdstrike, Cortex, Carbon Black) to detect and respond to security incidents at scale.
• Skill in using log management and event correlation tools (e.g., Splunk, ELK, QRadar).
• Skill in analyzing memory dumps to extract information.
• Skill in using forensic tool suites (e.g., X-Ways, EnCase, Sleuthkit, FTK).
• Skill in recognizing and interpreting malicious activity within network evidence sources.
• Skill in conducting forensic analyses across multiple operating system platforms (e.g., Windows, Linux, macOS).
• Skill in preparing written reports and oral presentations for technical, executive, and legal audiences.
• Skill in Cyber Crisis Management (aka Incident Command) for large, complex cyber security incidents across a global base of mostly large enterprise clients.
Preferred Technical and Professional Expertise
Essential
- Experience in Cyber Crisis Management (aka Incident Command) roles that required the ability to convey complex technical matters to non-security audiences (e.g., client executives and legal teams).
- Demonstrable level of experience conducting incident response investigations.
- Considerable experience leading incident response investigations, from triage/kickoff through to post-incident remediation.
- Prior experience in a client-facing Incident Response consultancy role.
- Adequate level of experience in Cyber Crisis Management (aka Incident Command) roles that required the ability to convey complex technical matters to non-security audiences (e.g., client executives and legal teams).
- High Proficiency and skilled experience conducting incident response investigations.
- High Proficiency and skilled experience of IT and/or information security experience.