Incident Response Team Lead

  • Helsinki

WithSecure delivers research-led cyber security to defend organizations, society and people from real-world attacks and build resilience into their approach. Our people are a mix of technical and creative experts – diverse, talented, and passionate people – working tirelessly to help us advance the industry with new ways of thinking. They lead their own development, in and out of the office. They call the shots when it comes to building a place to call home in our organization.

We are looking for a Senior Incident Response Consultant to join our growing global team. This is a great opportunity for someone who has studied computer science, IT security, or computer forensics and is interested in getting into the fascinating field of pulling apart real-world attacks, in a company that is highly innovative, rapidly growing and with lots of opportunities to learn and grow.

Key Responsibilities

The primary responsibility of this role is to work with WithSecure’s clients to deliver Investigations and Incident Response services. These services are aimed at responding to and containing security incidents for our clients, with a particular focus on advanced targeted attacks. This can also cover a wide range of areas including forensic investigations, proactive compromise assessments and guiding our clients through the implementation of response procedures.

This role requires the ability to communicate clearly with a range of audiences, from technical practitioners through to executive boards, and to identify technical issues and describe them in the language of the business you are engaged with.

A successful candidate should have a good general knowledge of both enterprise IT platforms and information security. They will be required to understand the motivations and methods adopted by a wide range of threat sources with a good understanding of how exploitation of systems occurs.

Job Duties

  • Lead investigations into root cause analysis for WithSecure clients
  • Act as the primary contact point for support and escalations for the region
  • Correlate findings across multiple sources of evidence
  • Produce high-quality reports to present findings and recommendations
  • Lead large-scale incidents with the support of the global team in a follow-the-sun model
  • Perform memory, network and disk forensic analysis
  • Contribute to the development of the global team
  • Mentor and train a local team of investigators to support you in the region and work with the global team on improving service delivery

What are we looking for?

  • Experience with leading investigations into targeted attacks across large enterprise networks
  • Solid understanding of client-server infrastructures, security architectures and related logging and alerting
  • Knowledge of Windows, Linux and/or OS X internals
  • Knowledge of the phases of Incident Response as defined by NIST

  • Familiarity with common attack techniques

  • Ability to report key findings in a clear and concise manner both at technical and senior management level

  • Knowledge of TCP/IP networking with the ability to perform network forensic analysis

  • Solid understanding of file-system analysis and the ability to find and extract common disk-based indicators of compromise

  • Experience in Malware Analysis

  • Experience with a scripting language such as Python, Ruby, PowerShell or Bash

  • Knowledge of common cloud technologies

  • Vendor-independent qualification in Incident Response and Forensics such as GIAC, IISFA, IACIS, ISFCE, EC-Council or CREST certifications (e.g. CFCE, CCE, CIFI, CHFI, ECIH, GCIH, GCIA, GCFA, GCFE, GREM, GCED, Intrusion Analyst, Network or Host Intrusion Analyst or Malware Reverse Engineer)

  • Vendor-specific qualification such as AccessData Certified Examiner (ACE), EnCase Certified Examiner (EnCE) certification or X-Ways Professional in Evidence Recovery Techniques (X-PERT)

Bonus points

  • Background in offensive security/certifications such as OSCP/OSEP
  • Line manager experience

Our four promises to you:

  • Freedom – you will have the opportunity to define new ways of working, how we engage with our customers, and how product value gets represented
  • You will work together with experienced and enthusiastic colleagues, and within WithSecure you will find some of the best minds in the cyber security industry
  • Your work will be clearly visible and recognised – all over the world and across our business units
  • You can rely on the support from the entire WithSecure leadership including our top executives

Work with great people

Karolina Malagocka
Senior Marketing Manager
"We see the value of each and every person"
William Jardine
Managing Consultant
"The freedom is a big thing for me. The trust you are doing something worthwhile."
Robert Grześkowiak
Lead Software Engineer
"At WithSecure you won't feel bored. There are opportunities to learn new things every day."
Fairuz Zainor
"I joined WithSecure (previously F-Secure) straight after graduating and now, 10 years later, I am still happy to be here."

Great Place to Work

  • Over 1,700 amazing colleagues in nearly 30 offices

  • Possibility to protect the world

  • Work with best of class experts who care

  • Relaxed, open and fun working environment

  • 68+ nationalities

  • Global with the spirit of a small company

About the company

Purpose – Why we exist
We are here to build and sustain trust in a digital society
We are here to build and sustain trust in a digital society — trust that is threatened by uncertainty, fear and worry caused by cyber attacks and crime.

Vision – Where we are heading
No one should experience a serious loss because of a cyber attack
We envision a future where no one should experience a serious loss or be put out of business because of a cyber attack or crime. At least no one who puts their trust in us.

Mission – What we do
Accelerate transition to outcome-based security
Our mission is to research, innovate and build technologies, human expertise and delivery-business models that will accelerate our customers’ and partners’ transition to outcome-based security.

Danielle Acott | Contact Person
