hackajob is collaborating with BAE Systems Digital Intelligence to connect them with exceptional tech professionals for this role.
Incident Response Specialist
BAE Systems Digital Intelligence offers world-class Incident Response services to customers across the globe. Our team investigates some of the most complex nation-state threat actors and intrusions on a daily basis. We have a vacancy for a Digital Forensics & Incident Response Specialist. The successful candidate would be expected to conduct forensic analysis of Windows, Linux and macOS systems, analyse log files such as firewall, proxy and DNS logs, and lead incident response investigations, threat research and malware-based investigations. Members of the Incident Response team are encouraged to learn about other areas of the wider business (such as Threat Intelligence and Security Testing), and there will be opportunities to cross-train and upskill if the successful applicant is interested.
We are looking for candidates with a strong technical background and deep understanding of the threat landscape that can be applied during emergency response and ongoing threat research.
Responsibilities
- Lead the investigation of cyber-attacks against our customers as part of the global Incident Response team.
- Development of tradecraft in investigating complex attacks and mentoring of new joiners.
- Conduct forensic analysis of Windows, Linux and macOS systems.
- Perform analysis of log files such as firewall, proxy and DNS logs.
- Assessment of tools, techniques, and procedures of different actors ranging from hacktivist and criminal to state-sponsored groups.
- Strong subject matter expertise in investigating and responding to cyber intrusions.
- Two years or more experience in investigating complex network intrusions (by state-sponsored groups or targeted ransomware attacks).
- Experience using forensic tools such as EnCase, Velociraptor, Timesketch and Cellebrite UFED.
- Awareness of EDR tools such as CrowdStrike, SentinelOne, Microsoft Defender for Endpoint or Tanium.
- Self-starter with ability to identify problems early and develop solutions using own initiative.
- Ability to communicate complicated technical challenges in business language for a range of stakeholders, from IT teams to C-level executives.
- Ability to write Incident Response reports concisely and proficiently, as well as use graphics to illustrate scenarios or datasets.
- Willingness to travel for international engagements.
- Knowledge of or willingness to learn scripting/programming languages such as Python, PowerShell and C#.
- Familiarity with the threat landscape and knowledge of threat actors and campaigns.
- Certifications such as CREST (CCIM, CCHIA, CCNIA, or CCMRE) or GIAC (GEIR, GCFE, GCFA, GNFA, or GREM) are an advantage.
Key Skills
Ranked by relevance
incident response
firewall
linux
dns
microsoft defender
digital forensics
powershell
python
c
- Posted: Nov 08, 2025
- Type: Full-time
- Level: Mid-Senior
- Location: Qatar
- Company: hackajob
- Industries: Software Development
- Categories: Other