Incident Response Investigator

  • Applications are considered on a rolling basis
  • Multiple locations
  • Hybrid
  • Monthly salary: €4,000 - €6,000

WithSecure™ protects businesses all over the world from modern threats. We do this through a Co-security approach born from first-hand knowledge that no one can solve every cyber security problem alone. Every single day, our diverse, growing team fights against online extortion, threats to national infrastructure, the unlawful spread of sensitive information, and everything in-between. The best part about working for WithSecure is our people! We are a community of dedicated and passionate professionals that take workplace happiness seriously. If you’re looking for something that’s more than just a job – we’d love to hear from you.

We are looking for an Incident Response Investigator to join our team. The primary responsibility of this role is to work with WithSecure’s clients to deliver Investigations and Incident Response services. These services are aimed at responding to and containing security incidents for our clients, with a particular focus on advanced targeted attacks (known as Advanced Persistent Threats, or APTs). This can also cover a wide range of areas including forensic investigations, proactive compromise assessments and guiding our clients through the implementation of response procedures.

The role also requires the ability to clearly communicate to a range of audiences from technical practitioners through to executive boards. This requires the ability to identify technical issues and describe them in the language of the business leaders you are engaged with.

A successful candidate should have experience of both enterprise IT platforms and information security. They will be required to demonstrate an understanding of the motivations and methods adopted by a wide range of threat sources, with a good understanding of how exploitation of systems occurs.

Key Responsibilities

  • Performing investigations, as part of a team, for WithSecure clients and producing high quality reports to present findings and guidance.
  • Maintaining target utilization on client chargeable projects whilst working as an Incident Response Investigator.
  • Producing output to highlight the technical competence of the company to a standard that can be published.
  • Supporting your practice area in successful delivery and growth.

What are we looking for?

  • Experience of one or more of the following
    • Client-server infrastructures,
    • Security architectures,
    • SIEM systems,
    • AV/EDR solutions
    • Cloud platforms
  • Experience of troubleshooting TCP/IP networking with the ability to perform network forensic analysis to a packet level.
  • Ability to perform file-system analysis including FAT, NTFS, HFS+ and/or EXT2/3/4 and ability to find and extract common disk-based indicators of compromise.
  • Familiarity with Windows, Linux and/or OS X internals together with the normal operation of these systems.
  • Knowledge of the phases of Incident Response as defined by NIST.
  • Familiarity with MITRE ATT&CK Matrix for Enterprise framework.
  • Knowledge of and experience in memory analysis.
  • Ability to report key findings in a clear and concise manner both at technical and senior management level.

Bonus points

  • Experience with a scripting language such as Python, Ruby, PowerShell or Bash is desirable.
  • Knowledge of common cloud technologies.
  • Vendor-independent qualification in Incident Response and Forensics such as GIAC, IISFA, IACIS, ISFCE, EC-Council or CREST certifications (e.g. CFCE, CCE, CIFI, CHFI, ECIH, GCIH, GCIA, GCFA, GCFE, GREM, GCED, Intrusion Analyst, Network or Host Intrusion Analyst or Malware Reverse Engineer).
  • Vendor-specific qualification such as AccessData Certified Examiner (ACE), EnCase Certified Examiner (EnCE) certification or X-Ways Professional in Evidence Recovery Techniques (X-PERT).

What will you get from us

  • Freedom – you will have the opportunity to define new ways of working, how we engage with our customers, and how product value gets represented.
  • You will work together with experienced and enthusiastic colleagues, and within WithSecure you will find some of the best minds in the cyber security industry.
  • Your work will be clearly visible and recognized – all over the world and across our business unit.
  • You can rely on the support from the entire WithSecure leadership including our top executives.

Work with great people

Kinga Baran
Product Operations Lead
"You can develop yourself in many contexts."
Joni Vatjus-Anttila
Director, Customer Success Management
"Being able to say that our job is to keep our customers safe is everything to me. It creates a sense of purpose."
Łukasz Kwieciński
Senior Manager, R&D
"Working here has been a transformative experience — the sophisticated challenges drive rapid growth, while the friendly, supportive team makes even the toughest problems easier to tackle."

Great Place to Work

  • Over 900 amazing colleagues in 18 offices

  • Possibility to protect the world

  • Work with best of class experts who care

  • Relaxed, open and fun working environment

  • 70+ nationalities

  • Global with the spirit of a small company

About the company

Purpose – Why we exist
We are here to build and sustain trust in a digital society
We are here to build and sustain trust in a digital society — trust that is threatened by uncertainty, fear and worry caused by cyber attacks and crime.

Vision – Where we are heading
No one should experience a serious loss because of a cyber attack
We envision a future where no one should experience a serious loss or be put out of business because of cyber attack or crime. At least no one who puts their trust in us.

Mission – What we do
Accelerate transition to outcome-based security
Our mission is to research, innovate and build technologies, human expertise and delivery-business models that will accelerate our customers’ and partners’ transition to outcome-based security.

Diversity & Inclusion:

WithSecure is an equal opportunity employer and believes that employing a diverse workforce is central to our success. We are committed to ensuring all qualified applicants will receive consideration for employment without regard to nationality, colour, race, ethnic or national origin, sex, gender (including gender reassignment), sexual orientation, religion or belief, age, marital status or physical or mental disability.
We will do everything we can to support you during your application. If you need us to make any adjustments to our recruitment process, speak to our recruitment team who will be happy to support you!

Ari Lappalainen | Contact Person
