Cyber Incident Response Consultant

London, England, gb
Company: PA Consulting
Category: Computer and Mathematical Occupations
Published on 2021-08-02 18:10:36

Job Description

We believe in the power of ingenuity to build a positive human future in a technology-driven world. As strategies, technologies and innovation collide, we create opportunity from complexity. Our diverse teams of experts combine innovative thinking and breakthrough technologies to progress further, faster. Our clients adapt and transform, and together we achieve enduring results.

PA has a deeply experienced and capable cyber security practice that works with clients ranging from central national governments through to leading global companies. As part of PA you will be joining a team that aligns tightly with our industry teams to provide our clients with valuable market insight. We believe that one size does not fit all, so we take pride in building tailored solutions for our clients.

Job Requirements

PA Consulting is in search of creative and driven Cyber Incident Response analysts to join our growing incident response team. We are seeking an experienced Incident Response analyst with a real passion for information security and security operations to provide exceptional incident response for our clients in this hands-on role.
In addition to security operations, you will also apply your technical expertise to help develop our incident response service line by developing and delivering innovative processes, tools and techniques. In line with our passion for innovation and creativity you will also help us push the boundaries of thinking around cyber security and develop our IR capability and thought leadership. As such we highly value inquisitiveness and ingenuity to help us and our clients.
Key Responsibilities
- Assist in first responder activities remotely and on client premises to contain cyber security incidents for our clients under direction of the IR Team Lead.
- Perform further incident response, investigations and containment activities across cloud based and on premises Linux/Unix, Windows and Mac estates.
- Collect and analyse intrusion detection system alerts, firewall logs, network traffic logs and host system logs.
- Perform forensic artifact acquisition and analysis of disks, volatile memory and other devices as required.
- Perform static / black box malware analysis.
- Research and develop new IR tools and techniques based upon open source principles.
- Maintain cyber situational awareness for advising clients on the current threat landscape and the near threat horizon.
- Perform client incident response capability maturity assessments.
- Develop clients’ own incident response capabilities through advisory and consultative projects.
- Deliver written and oral client communications in the form of presentations and reports.

Essential Skills

- Recognised qualifications or experience in Computer Science / Information Security.
- Experience in at least one relevant programming language.
- Proven understanding of the Cyber Kill Chain, MITRE ATT&CK and other information security defense and intelligence frameworks.
- Strong understanding of enterprise grade technical security controls and defense in depth practices.
- One or more of the following:
  - Certified Incident Manager (CCIM)
  - Certified Incident Handler (GCIH)
  - Certified Registered Intrusion Analyst (CRIA)
  - Certified Network Intrusion Analyst (CCNIA)
  - Certified Host Intrusion Analyst (CCHIA)
  - Certified Malware Reverse Engineer (CCMRE)
  - Certified (Network) Forensic Analyst (GCFA, GNFA)
  - Or similar certifications.
Essential Experience
- SC clearance or higher.
- Strong interpersonal skills, especially under pressure with the ability to communicate to a range of stakeholders.
- Strong team player keen to grow capability as part of a high performing team.
- Ability to operate largely independently, seeking support as needed.
- Credibility in the field.
- Sector experience.
Desired Experience
- Experience in incident handling, threat hunting, threat intelligence.
- Previous exposure to enterprise scale infrastructure and technology stacks.
- Experience in analysing pcap captures and netflow logs from monitoring devices, typically FireEye, Wireshark, Snort and NetWitness.
- Analyst experience applying Carbon Black, Mandiant MIR, CrowdStrike Falcon, FTK or EnCase Cybersecurity or other relevant tools.
- Experience of collecting logs from and utilising HIDS, IDS/IPS systems, SIEMs, AD controllers and firewalls.
- Ability to correlate events from various sources to create incident timelines.
- Experience in blue / purple team engagements.
- Experience in cloud-based infrastructure including Microsoft Azure, Office 365, Amazon AWS and Google Cloud.
- Understanding of people and change elements of successful incident response and subsequent mitigation.

About PA Consulting Group

Benefits package at PA:
Private medical insurance
Transport allowance
25 days annual leave with the opportunity to buy 5 additional days
Company pension scheme
Annual performance-based bonus
Life and Income protection insurance
Tax efficient benefits (cycle to work, give as you earn)
Voluntary benefits (Dental, critical illness, spouse/partner life assurance)

We believe that diversity makes us a stronger firm and look to employ people with different ideas, styles and skillsets. This diversity stimulates a rich, creative environment – one in which our people develop, and our clients enjoy enduring results. We’re committed to recruiting, promoting and rewarding our people solely based on their ability to contribute to PA’s goals, without regard to their sex, race, disability, religion, national origin, ethnicity, sexual orientation, age or marital status.

We welcome international applications, but we are unable to offer sponsorship for work permits, so you will need to have the full right to live and work in the UK. Unfortunately, your application will be automatically rejected if you do not have these rights.
