This is a Senior Consultant role with responsibility for managing and delivering Control Risks' cyber response threat hunting solutions. This involves managing our threat hunting engagements and, where needed, leading the technical aspects of cyber response cases.
This role will report to the Associate Director of Cyber Response (Technical) and work closely with the Cyber Crisis Management team. The successful candidate will have a strong technical skill set and a deep understanding of current and emerging threat actors.
Tasks and Responsibilities
- Lead all threat hunting engagements to evaluate an attacker’s spread through a system and network, anticipating and thwarting further attacker activity across endpoints, cloud and network infrastructure
- Develop and enhance our Threat Hunting Standard Operating Procedures ensuring they reflect client requirements and align with our Cyber Threat Intelligence team
- Work with our Cyber Response Technology and Automation lead to implement the tooling required to effectively threat hunt
- Implement a quality assurance program to ensure threat hunting engagements proactively identify and mitigate risk
- Leverage Control Risks and external data sources to research threats, vulnerabilities, and intelligence on various attackers and attack techniques, to form hunting playbooks and mitigation steps.
- Work closely with our Cyber Threat Intelligence team and share threat hunting playbooks with the incident response team.
- Oversee host- and network-based investigations, leveraging the Digital Forensics Incident Response (DFIR) team to deliver the work you are overseeing.
- Own the lifecycle of cyber incidents, including identification, containment, eradication and recovery.
- Threat hunt using EDR tooling to evaluate an attacker’s spread through a system and network, anticipating and thwarting further attacker activity.
- Perform live compromise assessments for organisations who suspect a compromise.
- Detect and hunt unknown live, dormant, and custom malware in memory across multiple systems in an enterprise environment.
- Demonstrate a deep understanding of both existing and emerging threat actors, as well as experience identifying rapidly changing tools, tactics and procedures of attackers.
- Work closely with the Cyber Threat Intelligence team to identify where they could benefit from the technical information acquired during Cyber Response cases. Also identify and implement where threat intelligence can be leveraged through tooling and automation.
- Advise on the safe technical recovery of an organisation's IT systems, balancing the need to understand what has happened with the need to speed up recovery.
- Support client relationship management, facilitating where appropriate the introduction and provision of additional technical Control Risks services.
- Working closely with Cyber Response Management to ensure a cohesive go-to-market approach.
- Ensure tooling and automation developed is customer friendly to deploy and use. Be responsible for any customer queries that arise from the use of the technology and automation.
- Provide situation reports and other significant case-related material to the client and the Director of Cyber Response.
- Provide documentation to the relevant consultants in sufficient time to allow review and feedback, before submitting to a client.
- Report on the performance of the Technical Cyber Response work and forecast technical and resource requirements in the near and long term.
- Ensure the output of tooling and automation is easily readable and presentable, both in situation reports during cases and in formal end-of-case reports.
Supporting the growth of the Cyber Response practice
- Refining Control Risks’ cyber response methodologies and approaches and tailoring the approach in changing market conditions.
- This role has a requirement to be on call.
- Identifying potential new areas of growth and opportunity.
- Proven experience leading cyber response cases
- Technical degree or demonstrated knowledge of common networks, software and hardware used in business environments
- Experience in conducting log analysis and digital forensics following a cyber incident
- Proven experience in responding to cyber attacks and information security related advisory
- Demonstrable experience of operating within a commercial environment
- Track record of developing consultative relationships with clients
- Fluent in English (written and spoken)
- Excellent presentation skills
- Excellent analytical skills
- Control Risks offers a competitively positioned compensation and benefits package that is transparent and summarised in the full job offer.
- We operate a discretionary global bonus scheme that incentivises and rewards individuals based on company and individual performance.
- Control Risks supports hybrid working arrangements, wherever possible, that emphasise the value of in-person time together – in the office and with our clients – while continuing to support flexible and remote working.
- As an equal opportunities employer, we encourage suitably qualified applicants from a wide range of backgrounds to apply and join us and are fully committed to equal treatment, free from discrimination, of all candidates throughout our recruitment process.