Cyber Security Engineer / Incident Response

Marcus Donald are looking for a Cyber Security Engineer to join a growing Cyber & Incident Response team for a large retail organisation within the City of London.

The role… Cyber Security Engineer / Incident Response:

The role will be working in the Cyber Security Incident Response Team (CSIRT) within their Cyber department. My client is facing a challenging Cyber attack landscape pursued by intelligent and evolving enemy.

This is a hands-on role with opportunities to grow into a tech lead/SME. The successful candidate is expected to detect and respond to cyber-security incidents as well as perform digital forensics analysis. 

Tech... Cyber Security Engineer / Incident Response:

• Detect and Respond to cyber incidents affecting business operations.
• Run thorough investigations of external cyber threats throughout the incident response (IR) cycle to protect their customers, employees and brand.
  Cross information from different security controls and collaborate with relevant teams and third parties to run analysis which reach accurate findings.
• Run thorough internal investigations of insider threats, working on investigations into attempts at complex fraud or criminal activity in conjunction with the Physical Security and Fraud teams while collecting digital evidence applicable for prosecution in the court of law.
• Deliver detailed, constructive and formatted IR reports documenting the detection & response required for internal stakeholders, external authorities (ICO, NCSC, NCA etc..) and auditors.
• Constantly reduce time to Detection/Response/Mitigation (TTD TTR TTM).
• Research new detection rules of newly threats and constantly improve current detection rules of known threats to capture attack mutations across multiple security controls.
• Devise response procedures to mitigate and contain detected Cyber-attack vectors across multiple security controls.
• Support mitigation and containment of extended Cyber incidents spanning off working hours.
• Drive implementation of incidents aftermath to prevent reoccurring attacks.

Additionally… Cyber Security Engineer / Incident Response:

• Excellent communication skills (English proficient both written and oral).
• Working programming skill-set to be able to author and develop tools. Most in-house security tools are written in PowerShell, but we accept that a competent programmer will be able to transfer skillsets across languages.
• Technical understanding in at least one of these areas: Endpoint security/Network security/Log analysis/Linux or Mac or Unix operating system forensics/Memory forensics/Dynamic malware analysis.
• Strong IT and network understanding – knowledge of common enterprise technologies –Windows Active Directory, GPO, etc.

If this position is of interest, please do not hesitate to contact Ben James (bjames@marcusdonald.com) for any questions that may need answering and/or further information regarding the company and role.