CERT Specialist (DFIR)

Brentford, United Kingdom Vodafone Full time

**Location: Brentford**

**Our Team**:
**Cyber Security**

At Vodafone Global Cyber Security, we help our customers to remain secure and resilient in a world of increasingly sophisticated cyber-attacks. We offer a unique combination of highly resilient networks, enterprise-class cloud platforms, advanced security systems and expert advice, helping limit the risks of a mobile workforce, such as commercial losses, regulatory breaches or threats to individuals, whilst enabling productivity and employee satisfaction. Joining us as a CERT Specialist, you can be part of empowering our Cyber Security function. The Future is exciting. Ready?

The CERT Specialist is responsible for performing Incident Response activities and cybercrime investigations on behalf of Vodafone. They will be responsible for the delivery of services relating to cyber-attacks and data breach investigations, including complex and at times sensitive work streams. They will also be responsible for aspects of internal corporate security investigations, e-Discovery and network investigations. There will be the need to generate reports to satisfy the requirements of senior stakeholders, technical specialists and regulatory bodies. There may also be the requirement to produce evidential witness statements for use in court or tribunal proceedings.

The role holder will also be required to support the Cyber Incident Management (IM) team and wider Cyber Defence should cyber-attacks occur. This is a hands-on technical role and the role holder will be required to assist the IM function with rapid triage and assessment of attacks, providing technical findings in a clear and understandable manner. They will be expected to operate in an agile and effective manner, conducting root cause analysis of cyber incidents and demonstrating a strong understanding of Incident Response principles and techniques. This understanding is gained through experience of dealing with cyber-attacks and knowledge of attackers’ methodologies and the cyber kill chain.

Additional relevant skills include the use of enterprise-level tool sets in incident response, including Endpoint Detection and Response (EDR) products. Reverse engineering of malware and scripting would also be beneficial; however, opportunities for development in these areas exist.

The role holder will be required to liaise with internal stakeholders within local Vodafone markets, Corporate Security and Legal functions. While ownership of the investigations will remain with designated stakeholders, the role holder will be expected to provide expert advice and services relating to all potential sources of digital evidence.

**With us you will**:

- Incident Response Investigation - Forensic, technical, root cause analysis and incident response to defeat cyber-attacks and reduce risk. Recommendation of containment, remediation and recovery activities.
- The role holder will work extensively with all our (internal) Customers being part of a global cyber security team to counter cyber-attacks and to facilitate the skills transfer between Vodafone operating companies.
- The role holder will be expected to be able to coordinate work with security vendors in the development and improvement of security platforms and services for monitoring and analysis.
- The role holder will contribute to the development of an intelligence-led framework to protect Vodafone globally against risk including advanced malware and attacks (APTs).
- Ability to work efficiently as part of a team.
- Strong communication and stakeholder management skills, including reporting.
- Experience in the technical investigation of cyber-attacks.
- Practical experience of leading the technical response to sensitive cyber forensic investigations.
- Experience in the forensic investigation of Windows, Linux, Unix, macOS operating systems.
- Experience in the use of forensic and enterprise level toolsets including EDR and eDiscovery.
- Experience in the security of enterprise level architecture and networks.
- Knowledge of information security management, penetration testing and vulnerability management.
- Experience of working with a SOC environment.
- Experience