Incident Response Consultant

Job Type:
Cyber Security
Job reference:
10 days ago

The role

Working as a Cyber Incident Response Consultant within our Managed Security Services team, you will provide incident response support to both managed and new/emergency customers. You will encounter a wide range of compromises, network environments and security technologies.

You will be working closely with the MSS SOC and SOC Consultancy team, conducting investigations from triage call through to incident completion. You will represent our excellent professional standard to customers while working alongside others. You will have desire and passion to stay up to date with emerging threats, investigate new detections and solutions for customer. Working with a highly motivated team, you will focus on triage, analysis and investigation of suspicious binaries, files, data and logs.

As a member of our Managed Security Service (MSS) team you will provide first class service to both Internal and External Customers, delivering excellence in all areas of your work.


This role is hybrid based within the UK, with a mixture of Home and Office (Birmingham) working for collaboration, team building, workshops and clinic days (Ocassional travel put at once a month tops). Travel may be required to customer locations.

We can support working from across the UK. All applicants will require residence in the UK.

What you'll be doing in your role

In your role as a Cyber Incident Response Consultant, you'll need to:

  • As an individual or part of a team, conduct analysis and investigation of cyber security events across Windows, Linux, Cloud and Hybrid environments.
  • As an individual or part of a team, conduct digital imaging and forensic investigation tasks on Windows and Linux hosts.
  • Conduct initial triage on suspicious artefacts using both commercial and bespoke tools.
  • Provide customer training engagements to develop internal and external stakeholder preparedness for dealing with cyber incidents.
  • Provide written and verbal reports to the wider IR team, senior business partners (internal and external)
  • Conduct ongoing research around the threat landscape, including threat actors, TTPs and develop IR actions, investigation strategies and tooling
  • Use KQL based language queries/statements to detect malicious activity, analyse data and perform threat hunting.
  • Build and design detections in Microsoft Advanced Threat Protection (ATP) or similar EDR platforms (Crowdstrike/Carbon black).
  • Use tools such as KAPE, FTK, Elastic, PowerShell, Python and others for forensic and investigation purposes.
  • Easily adapt to change, seek new responsibilities, accept challenges, and thrive in ambiguity.

Key Skills:

The following are strong recommendations and in most cases prerequisites of the role.

  • Demonstrably strong incident management and analytical skills.
  • Demonstrably strong written and speaking English skills.
  • Demonstrably strong understanding of Threat Actor TTP's.
  • Demonstrable ability to work on own projects and within a team.
  • Experience with Network Detection and Response solutions
  • CREST CRIA or equivalent level IT Security related certification.
  • At least 24 months of relevant IT Security industry experience in past 3 years.
  • Ability to travel to UK customer locations where requested and non-UK customer locations where mutually agreed.
  • Ability to join 24/7 on-call rota where requested.
  • Excellent communications and customer facing skills with a positive and proactive attitude towards customer issues
  • Excellent Team player
  • Full UK Driving License


  • Understanding of networking including strong knowledge in IP stack
  • Understanding of Server and endpoint technology stacks
  • Understanding of common cloud platforms (Azure, AWS, GCP)
  • Experience of scripting and/or coding

What we offer:

We are a people-focused, high-performing, high-trust managed security services team. We pride ourselves on our investment in our people, meaning as we are a fast-evolving team in an exciting working environment, you'll always have opportunities to solve the latest cybersecurity challenges, with the responsibility and development opportunities to match.

Company benefits:

  • Constantly updated training & progression plans with multiple tracks of development, supporting lateral movement or upwards progression.
  • Yearly wellness day to be spent in the way that works best for you.
  • Recognition & rewards for individual, team and department performance
  • Performance-based bonus programme
  • Generous pension scheme
  • A supportive team enabling you to succeed and grow your career.
Back to Search Results