INCIDENT RESPONSE CONSULTANT COVER LETTER TEMPLATE

Published: Aug 28, 2025 - The Incident Response Consultant leads client engagements across the incident response portfolio, serving as the primary point of contact for senior stakeholders while ensuring technical excellence in delivery. This role involves assessing organizations’ ability to detect, respond to, and remediate cyberattacks, improving incident response plans, detection tooling, and resilience through initiatives such as purple teaming and targeted security enhancements. The consultant also mentors team members, collaborates across cybersecurity practices, and contributes to service innovation, client development, and global incident response community initiatives.

An Introduction to Professional Skills and Functions for Incident Response Consultant with a Cover Letter

1. Capabilities for Incident Response Consultant Cover Letter

  • Accountable and responsible for Incident Response, Partner Communication, and Resolution.
  • Serve as primary lead in Incident Response Processes, maintaining excellent communication skills, both oral and written, with various audiences.
  • Work cross-functionally and adhere to escalation procedures with other parts of the Organization.
  • Adapt situationally and understand new technology/processes as per the business/partner requirement.
  • Mentor, guide, and direct SOC Analysts and IR Specialists.
  • Serve as an escalation point while working collaboratively and independently to resolve issues.
  • Research, analyze, and document findings, including root cause analysis.
  • Maintain patience and thoughtful communication to facilitate client interactions.
  • Contribute to capability development, proposition development, and thought leadership initiatives.
  • Perform other duties as assigned by Management and Team Leads.


Skills: Incident Response, Collaboration, Communication, Escalation Management, Leadership, Root Cause Analysis, Adaptability, Client Relations

2. Key Deliverables for Incident Response Consultant Cover Letter

  • Take a lead role in client investigation and response engagements, shaping the response strategy with stakeholders ranging from technical teams to senior management.
  • Report and present detailed results and recommendations to both technical and non-technical stakeholders.
  • Work in partnership with sales teams to demonstrate the capacity and capability of the forensics business to potential clients.
  • Collect and investigate data from diverse systems and software to understand attacker activity and develop effective containment strategies.
  • Engage in skills transfer both internally and with customers.
  • Respond in real time to advanced attackers in complex and dynamic environments.
  • Collaborate with an expert and motivated team to ensure methodologies remain at the cutting edge.
  • Work closely with other cybersecurity teams to enhance the overall suite of service offerings.
  • Take on responsibility for relationships with third parties, such as technology alliance partners.
  • Assist with scoping prospective engagements, participate in investigations from kickoff through remediation, and mentor less experienced staff.


Skills: Investigation Leadership, Stakeholder Communication, Sales Support, Data Forensics, Knowledge Sharing, Incident Response, Team Collaboration, Partner Management

3. Milestones for Incident Response Consultant Cover Letter

  • Automate tracking and discovery of threats by leveraging internal and external data sources.
  • Conduct host and network forensics, log analysis, and malware triage in support of network hunting or incident response investigations.
  • Investigate the impact on customers to determine if new detections or compromise notifications are necessary.
  • Correlate data collected during hunts or incident response engagements against internal intelligence repositories.
  • Correlate collected intelligence with malware research to expand the knowledge base of tracked threat activity.
  • Utilize available technology to conduct investigations and examine endpoint and network-based sources of evidence.
  • Recognize and codify attacker tools, tactics, and procedures (TTPs) into indicators of compromise (IOCs) that can be applied to current and future investigations.
  • Research and develop methods of tracking and detecting malicious activity within networks.
  • Develop scripts, tools, or methodologies to enhance incident investigation processes for both customers and internal teams.
  • Create comprehensive and accurate reports and presentations tailored to technical and executive audiences.
  • Communicate investigative findings and strategies effectively to client stakeholders, including technical staff, executive leadership, and legal counsel.
  • Work with client security and IT operations teams to implement remediation plans in response to incidents.
  • Provide training and mentorship, deliver presentations to small groups, and speak at public forums such as conferences.


Skills: Threat Automation, Forensic Analysis, Customer Impact Assessment, Intelligence Correlation, Malware Research, IOC Development, Threat Detection, Reporting & Communication

4. Criteria for Incident Response Consultant Cover Letter

  • Lead incident response team and coordinate incident response engagements effectively and efficiently, responding to cybersecurity incidents for clients in the region, including during non-traditional working hours, with flexibility to travel on short notice.
  • Lead incident response team engagements and perform compromise assessments for clients across the region.
  • Proactively hunt for threats related to cybersecurity attacks (tactics, techniques, and procedures) within client environments using Endpoint Detection and Response (EDR) solutions.
  • Develop detailed incident response and compromise assessment reports for executive management and technical cybersecurity personnel.
  • Communicate effectively with client management and technical personnel, presenting incident response findings and mapping them to business impact.
  • Develop and document processes and procedures related to incident response services to ensure consistent and scalable operations.
  • Foster a collaborative and thriving team environment.
  • Conduct knowledge-sharing sessions with team members and continuously exchange expertise within the team.
  • Adhere to departmental and organizational processes, procedures, and standards.


Skills: Incident Response, Threat Hunting, Compromise Assessment, Report Writing, Client Communication, Process Development, Team Leadership, Knowledge Sharing

5. Standards for Senior Incident Response Consultant Cover Letter

  • Get in the trenches with customers during a breach to help them contain and remove active threats from their Active Directory.
  • Perform post-breach investigations to identify Active Directory vulnerabilities, how attackers may have gained privileged access, and what domain persistence they may have installed.
  • Develop remediation strategies and plans for containing and removing threats from customers’ Active Directory and effectively communicate them to customer stakeholders and technical staff.
  • Perform security assessments of customers’ Active Directory environments, encompassing architectural review, operational review, security configuration review, and attack path analysis.
  • Develop roadmaps for customers to uplift their Active Directory security posture.
  • Help customers optimize their deployment of products to best protect their Active Directory.
  • Provide input and feedback to engineering, product, and security research teams.
  • Maintain expert knowledge of Active Directory attacks and security features.
  • Develop internal tools and methodologies to improve capabilities and deliverables.


Skills: Breach Response, Post-Breach Investigation, Remediation Planning, Security Assessment, Security Roadmapping, Product Optimization, Threat Research, Tool Development

6. Scope of Work for Incident Response Consultant Cover Letter

  • Lead client engagements across the incident response services portfolio to help clients prepare for and reduce the risk of attacks, act as the key point of contact for senior client stakeholders, set direction for project teams, and be accountable for the technical excellence of delivery.
  • Assess organisations’ ability to detect and respond to cyber attacks.
  • Understand organisations’ vulnerability to specific cybersecurity threats.
  • Deliver remediation projects for clients who have experienced cybersecurity incidents, and assist in planning cyber transformations.
  • Test and improve cyber incident response plans, runbooks, and processes.
  • Design and implement improvements to detection tooling.
  • Use purple teaming to tune and validate detection capabilities.
  • Implement targeted improvements to increase the cost to the attacker.
  • Provide mentoring and oversight to the incident response practice to help the team grow and develop.
  • Collaborate and build relationships with the wider Cyber Security practice, share insights gained from responding to incidents, and help other teams win and deliver work.
  • Originate, cultivate, and maintain relationships with existing and new clients, and support outreach and business development efforts in collaboration with other teams.
  • Develop, enhance, or refine the portfolio of incident response services in line with market trends, emerging threats, or opportunities for innovation or disruption.
  • Support the execution of the business strategy and grow the organisation’s reputation in the cybersecurity market.
  • Play a key role in the global incident response community to support knowledge sharing, practice development, and pursue opportunities in collaboration with global colleagues.


Skills: Client Engagement, Threat Assessment, Vulnerability Analysis, Remediation Delivery, Response Planning, Detection Improvement, Purple Teaming, Business Development

What Are the Qualifications and Requirements for Incident Response Consultant in a Cover Letter?

1. Requirements and Experience for Incident Response Consultant Cover Letter

  • Hands-on consulting experience performing Incident Response, or experience in Incident Response in a non-consulting environment.
  • Creative problem-solving abilities and an analytic and qualitative eye for reasoning.
  • Experience in writing blogs and whitepapers.
  • Ability to operate in a fast-paced, ever-changing environment.
  • Self-motivated with a knack for innovation and project success.
  • Flexible and adaptable self-starter with strong relationship-building skills.
  • Must have a passion for work and an ability to apply that passion to both daily tasks and larger projects.
  • Collaborative and team-oriented attitude.
  • Effective problem-solving capabilities.
  • Take initiative and approach all tasks and projects proactively.
  • Strong documentation skills, ability to write high-level reports, and comfortable creating documents and processes.
  • Ability to prioritize and complete multiple tasks with little to no supervision.
  • Intellectual curiosity, humility, accountability, and a positive approach.
  • Ability to work independently with substantial latitude for action and decision while maintaining focus on achieving optimal outcomes as part of a collaborative development effort.


Qualifications: BS in Computer Science with 3 years of Experience

2. Education and Experience for Incident Response Consultant Cover Letter

  • Incident Management experience and experience with investigating targeted attacks across large enterprise networks.
  • Solid understanding of client-server infrastructures, security architectures, and related logging and alerting.
  • Knowledge of TCP/IP networking with the ability to perform network forensic analysis.
  • Solid understanding of file-system analysis, including FAT, NTFS, HFS+, and/or EXT2/3/4, and ability to find and extract common disk-based indicators of compromise.
  • Knowledge of Windows, Linux, and/or OS X internals.
  • Knowledge of the phases of Incident Response as defined by NIST.
  • Familiarity with common attack techniques.
  • Knowledge of and experience in memory analysis.
  • Ability to report key findings clearly and concisely, both at the technical and senior management levels.
  • Knowledge of and experience in Malware Analysis to a minimum level of behavioral analysis.
  • Experience with a scripting language such as Python, Ruby, PowerShell, or Bash.
  • Knowledge of common cloud technologies.
  • Vendor-independent qualification in Incident Response and Forensics, such as GIAC, IISFA, IACIS, ISFCE, EC-Council, or CREST certifications.
  • Vendor-specific qualification, such as AccessData Certified Examiner (ACE), EnCase Certified Examiner (EnCE) certification, or X-Ways Professional in Evidence Recovery Techniques (X-PERT).


Qualifications: BS in Digital Forensics with 7 years of Experience

3. Accomplishments for Incident Response Consultant Cover Letter

  • Experience in information security and 4 years of experience handling incidents.
  • Can clearly communicate the Incident Response Lifecycle and the Kill Chain (Attack) Life Cycle.
  • Detailed understanding of current cybersecurity threats, attacks, and countermeasures, such as Advanced Persistent Threat (APT), Cyber Crime, Hacktivism, and associated tactics.
  • Consistent track record of understanding recognized IT Security-related standards and technologies, demonstrated through training, job experience, and/or industry activities.
  • Hands-on experience with SIEM, EDR, and SOAR tools.
  • Practical knowledge of malware analysis and reverse engineering basics, including static/dynamic analysis, to support incident investigations.
  • Network forensics and packet analysis expertise, with tools like Wireshark, Zeek, or Suricata, to identify anomalies and attacker activity.
  • Ability to write and maintain detection rules/signatures (YARA, Snort, Sigma) and custom scripts for automation (Python, PowerShell, Bash).
  • Must be willing to be on-call and work off-shift hours, to include nights, weekends, and holidays.
  • Industry certifications such as the CISSP, CISM, CISA, GCIH, CFCE, GCFA, GNFA, and/or GCFE.


Qualifications: BS in Information Technology with 5 years of Experience

4. Key Qualifications for Incident Response Consultant Cover Letter

  • Work experience in cybersecurity and incident response.
  • Excellent communication skills (both written and oral) and project management skills.
  • Strong IT and network skills, and knowledge of common enterprise technologies, such as Windows and Windows Active Directory, Linux, Cisco, etc.
  • Working programming skill set sufficient to author and develop tools.
  • Technical proficiency in at least one of these areas: network security/traffic/log analysis, Linux and/or Mac/Unix operating system forensics, Linux/Unix disk forensics (ext2/3/4, HFS+, and/or APFS file systems), advanced memory forensics, static and dynamic malware analysis/reverse engineering, and advanced mobile device forensics.
  • Advanced experience in industry computer forensic tools such as X-Ways, EnCase, FTK, Internet Evidence Finder (IEF)/AXIOM, TZWorks, and/or Cellebrite.
  • Advanced experience in preservation of digital evidence (including experience preserving cloud data and handling encryption such as BitLocker, FileVault, and/or LUKS).
  • Experience with and understanding of enterprise Windows security controls.
  • Strong critical thinking and analytical problem-solving abilities.
  • Stay calm, flexible, and effective when responding to high-stress or evolving incidents.
  • Ability to work seamlessly with legal, compliance, IT, and business units during incident response.


Qualifications: BS in Cybersecurity with 8 years of Experience

5. Skills Overview for Incident Response Consultant Cover Letter

  • Experience with incident response and/or forensics.
  • A good understanding of Active Directory.
  • Experience with at least one scripting language: Shell, Ruby, Perl, Python, etc.
  • Ability to data mine using YARA, RegEx, or other techniques to identify new threats.
  • Experience with EnCase, FTK, X-Ways, SIFT, Splunk, Redline, Volatility, Wireshark, TCPDump, and open source forensic tools.
  • Experience with malware analysis tools such as IDA Pro, OllyDbg, and Immunity Debugger.
  • Hands-on experience dealing with APT campaigns, attack Tactics, Techniques & Procedures (TTPs), memory injection techniques, static and dynamic malware analysis, and malware persistence mechanisms.
  • Strong knowledge of operating system internals and endpoint security experience.
  • Able to communicate with both technical and executive personnel.
  • Experience working in static and dynamic malware and log analysis.
  • Excellent written and verbal communication skills.
  • Experience in the analysis of Linux and Mac binary files and an understanding of Mac internals.
  • Highly motivated, self-driven, and able to work both independently and within a team.
  • Able to work under pressure in time-critical situations, including occasional nights and weekends.


Qualifications: BS in Network Engineering with 6 years of Experience

6. Professional Background for Incident Response Consultant Cover Letter

  • Experience performing Digital Forensics and Incident Response (DFIR) investigations on multiple operating systems, e.g., Windows, Mac, Linux, and network appliances.
  • Tool agnostic, with an emphasis on knowing the forensic artifacts themselves versus relying on tool output.
  • Knowledge of and the ability to use popular EDR technologies during DFIR engagements.
  • Experience analyzing a myriad of system and network logs using Splunk and/or ELK.
  • Experience responding to APT-style targeted attacks, with a good understanding of operational security concepts during live breaches.
  • Knowledge of threat hunting and knowledge of the artifacts necessary to review while threat hunting.
  • Ability to triage and analyze malware dynamically within a virtual environment to quickly gain a set of IOCs during an IR engagement.
  • Ability to clearly interact with our clients and their executive leadership.
  • Creative, problem-solving self-starter with an analytic and qualitative eye for reasoning.
  • Ability to work with a remote team via collaboration tools.
  • Strong documentation skills, ability to write executive and technical DFIR reports.
  • Proficient in either Python, PowerShell, or Shell Scripting.
  • Knowledge of performing DFIR investigations in Cloud environments (Azure, O365, AWS, and Google).
  • Incident response certifications, such as those offered by SANS/CREST/GIAC.
  • Experience with ‘deep-dive’ and individual host forensic analysis.
  • Experience performing memory analysis as part of an incident response engagement.


Qualifications: BS in Software Engineering with 9 years of Experience