Incident Response Specialist

Location(s): UK, Europe & Africa : UK : Frimley || UK, Europe & Africa : UK : London || UK, Europe & Africa : UK : Manchester BAE Systems Digital Intelligence is home to 4,500 digital, cyber and intelligence experts. We work collaboratively across 10 countries to collect, connect and understand complex data, so that governments, nation states, armed forces and commercial businesses can unlock digital advantage in the most demanding environments. Incident Response Specialist BAE Systems Digital Intelligence offers world class Incident Response services to customers across the globe. Our team investigates some of the most complex nation state threat actors and intrusions on a daily basis. We have a vacancy for a Digital Forensics & Incident Response Specialist. The successful candidate would be expected to conduct forensic analysis of Windows, Linux and macOS systems, analyse log files such as firewall, proxy and DNS logs, lead incident response investigations, threat research and malware-based investigations. Members of the Incident Response team are encouraged to learn about other areas of the wider business (such as Threat Intelligence and Security Testing), and there will be opportunities to cross train and upskill if the successful applicant is interested. We are looking for candidates with a strong technical background and deep understanding of the threat landscape that can be applied during emergency response and ongoing threat research. Responsibilities Assist with the investigation of cyber-attacks against our customers as part of the global Incident Response team. Development of tradecraft in investigating complex attacks. Conduct forensic analysis of Windows, Linux and macOS systems. Perform analysis of log files such as firewall, proxy and DNS logs. Assessment of tools, techniques, and procedures of different actors ranging from hacktivist and criminal to state-sponsored groups. Requirements Some experience investigating and responding to cyber intrusions. Some experience using forensic tools such as EnCase, Velociraptor, Timesketch and Cellebrite UFED. Awareness of EDR tools such as Crowd Strike, SentinelOne, Microsoft Defender for Endpoint or Tanium. Self-starter with ability to identify problems early and develop solutions using own initiative. Ability to write Incident Response reports concisely and proficiently, as well as use graphics to illustrate scenarios or datasets. Willingness to travel for international engagements Desirable skills Knowledge of or willingness to learn scripting/programming languages such as Python, PowerShell and C#. Familiarity with the threat landscape and knowledge of threat actors and campaigns. Certifications such as CREST (CCIM, CCHIA, CCNIA, or CCMRE) or GIAC (GEIR, GCFE, GCFA, GNFA, or GREM) are an advantage. Life at BAE Systems Digital Intelligence We are embracing Hybrid Working. This means you and your colleagues may be working in different locations, such as from home, another BAE Systems office or client site, some or all of the time, and work might be going on at different times of the day. By embracing technology, we can interact, collaborate and create together, even when we're working remotely from one another. Hybrid Working allows for increased flexibility in when and where we work, helping us to balance our work and personal life more effectively, and enhance well-being. Diversity and inclusion are integral to the success of BAE Systems Digital Intelligence. We are proud to have an organisational culture where employees with varying perspectives, skills, life experiences and backgrounds - the best and brightest minds - can work together to achieve excellence and realise individual and organisational potential. #J-18808-Ljbffr