Investigates security incidents by performing host, disk, memory, network, and cloud forensic analysis under established processes and guidance
Analyzes artifacts across Windows, Linux, and macOS systems, helping reconstruct timelines and determine root cause
Supports clients through containment and recovery efforts by providing technical recommendations and clear communication
Participates in the team’s on‑call rotation for urgent incident response needs
Completes internal and client tasks such as tabletop exercises, IR readiness assessments, basic forensic reviews, and environment hardening support
Identifies observable gaps and risks within client environments and recommends improvements to strengthen security posture
Produces accurate documentation—including investigation notes, status updates, and final reports
Collaborates with global DFIR and other teams and stays current on threats, attacker techniques, and emerging forensic tools
Requirements
Proven experience in incident response and digital forensics, with capability in host‑based, image, and log analysis
Experience using SIEM, EDR, IDS/IPS, and other security tools to triage, investigate, and respond to incidents
Ability to perform network analysis using tools such as Wireshark and tcpdump
Experience in cybersecurity operations, consulting, DFIR services, or related technical security roles
Bachelor’s degree or equivalent experience in Information Technology, Computer Science, Cybersecurity, or a related discipline (preferred)
Relevant cybersecurity certifications such as: SANS GIAC Security Essentials (GSEC) or equivalent preferred
SANS GIAC Certified Intrusion Analyst (GCIA) or equivalent preferred
SANS GIAC Certified Incident Handler (GCIH) or equivalent preferred
Additional DFIR‑related certifications are considered a plus
Active UK Security Clearance is required to deliver services within sensitive or regulated client environments
Background and hands‑on experience in Operational Technology (OT) environments
Experience investigating ICS/SCADA systems and industrial sectors such as manufacturing, energy, utilities, or critical infrastructure
Ability to collect and analyze OT forensic artifacts, interpret OT protocols and system behavior, and assess the impact of cyber incidents on physical processes
SANS OT/ICS certifications such as GICSP or GRID, IEC 62443, or equivalent required
Tech Stack
Cloud
Cyber Security
Linux
MacOS
Benefits
Equal Opportunity Employer with a global culture that embraces diversity
Commitment to providing an environment free of unfair discrimination and harassment