Cyber Incident Response Consultant

Thanks to continued growth, we are now seeking a Consultant to join our Cyber Incident Response team in London. As the Consultant, you will be responsible for delivering Control Risks' cyber response projects to our clients. This involves undertaking compromise assessments, business email compromise investigations, and leading the technical response on complex cases. The role reports to the Associate Director of Cyber Response (Technical) and works closely with the Cyber Crisis Management team. The successful candidate will have an investigative background, a technical skill set, and a deep understanding of current and emerging threat actors.

Role tasks and responsibilities Technical response

• Leading and assisting with host and network-based investigations, collaborating with the Digital Forensics Incident Response (DFIR) team.
• Threat hunting using EDR tooling to evaluate attacker spread and thwart further activity.
• Performing live compromise assessments for organizations suspecting a compromise.
• Detecting and hunting unknown malware in memory across multiple systems.
• Assisting with the commercialization of developed technology and automation.
• Understanding existing and emerging threat actors and attacker TTPs.
• Working with the Cyber Threat Intelligence team to leverage technical information and automation.
• Advising on the safe technical recovery of IT systems to balance understanding and speed.

Client Management

• Ensuring tooling and automation are customer-friendly and managing related queries.

Reporting

• Providing situation reports and case materials to clients and management.
• Preparing documentation for review before submission.
• Supporting the growth of the Cyber Response practice.
• Contributing to and tailoring Control Risks' cyber response methodologies.
• This role requires being on call.
• Identifying new growth opportunities.

Essential

• Proven experience leading cyber incident investigations.
• Technical degree or equivalent knowledge of networks, software, and hardware.
• Experience in log analysis and digital forensics post-incident.
• Experience responding to cyber-attacks.
• Experience operating within a Security Operations Centre.
• Fluent in English (written and spoken).
• Excellent presentation and analytical skills.

Preferred Qualifications and Skills

• Understanding of MITRE ATT&CK techniques and ability to explain TTPs to clients.
• Experience generating SIGMA, SNORT, and YARA rules.

Control Risks offers a competitive compensation and benefits package, a discretionary global bonus scheme, and supports hybrid working arrangements. We are an equal opportunity employer committed to diversity and inclusion.