About the role
Redscan is an award-winning cyber security company specialising in managed threat detection and incident response.
Due to rapid growth in the market, we are undergoing an exciting period of expansion and looking for an Incident Response Specialist to join our team in London.
This Incident Response Specialist role will act as a subject matter expert and lead the Incident Response capability for the Security Operations Centre. They will help identify, implement and document appropriate methodologies and provide instruction to the SOC team in delivering these areas to customers.
Duties and Responsibilities
- Assist the SOC Manager in providing Day to Day management of SOC Analysts and associated activity, with emphasis on the incident response activity.
- Assist the SOC Manager in maturing Incident Response methodologies.
- Support SOC Analysts in delivering real time proactive monitoring and response.
- Provide targeted threat intelligence analysis to better target threat hunting activity.
- Provide remote incident response activities and advice, to support customers during and immediately after security incidents.
- Produce and maintain operational processes and procedures.
- Create and maintain SIEM correlation rules, signature creation for supported NIDS/NIPS and Endpoint Protection products from the analysis of malware samples & output of incident investigations.
- Supporting multiple customer environments concurrently.
- Working with the SOC analysts to carry out in-depth investigation on Security events, raise incidents and support the Incident Management process.
- Provide analysis and trending of security log data and network traffic from a large number of monitoring points.
- Support Playbook development and automation activities.
- Other duties as assigned.
- Has a passion for security and enjoys solving problems.
- Good knowledge of Cyber Security Incident Response processes & procedures.
- Excellent knowledge on the fundamentals of Windows and Unix systems including MacOS & Linux distributions.
- Good understanding of static and dynamic binary analysis.
- Good understanding of host forensics, memory forensics and network forensics.
- Proficient with automation using languages such as Python.
- Experience working with SIEM systems
- In-depth knowledge of the security threat landscape
- Ability to multi-task, prioritize, and manage time effectively
- Strong attention to detail
- Excellent interpersonal skills and professional demeanour
- Excellent verbal and written communication skills
- Excellent customer service skills
- Experience in mentoring and training SOC Analysts.
- Industry standard certifications such as: CREST CRT, CREST CCT, OSCP, CHECK, GIAC GCFA, GNFA, GREM.
- 3+ years’ experience as an Incident Responder or equivalent
- Desirable: Bachelor’s degree in a related field or equivalent experience and knowledge
- Desirable: Experience of working in an MSSP/MDR SOC environment.