Lead for Incident Response and Blue Team Fully

11 hours ago


Manchester, United Kingdom NonStop Consulting Ltd Full time

**Overview**

**Position - Service Lead for Incident Response and Blue Team**

- My client are a security consultancy based in the UK. As an established boutique they perform technical security assessments for a diverse range of clients, focusing on high street banks and financials within the UK and wider EU/US, and hold the top industry accreditations within CREST and NCSC for security assessment.
- Under our Active Breach brand we also perform Adversary Simulation and Assumed Breach engagements for organisations with high security maturity and "Blue Teams" with numerous industry-leading defensive technologies and products. A key value-add for our business is providing insights into these technologies and improving their effectiveness.
- They are looking for an industry-proven senior consultant who can formalise and deliver an Incident Response function which can support our Active Breach team.

**This will cover all aspects of a client's requirements such as**:

- Preparing an organisation's incident response policy
- Acting as the lead point of contact on incident investigations, including stakeholder management, planning, decision-making and delivery

**Responsibilities**

- In charge of overall quality for the service area. Includes sampling reports and proposals, working in a supporting role across multiple jobs and providing feedback to directors
- Developing and updating sales collateral and proposal material
- Developing methodology, material and process for delivering work; responsible for curating new tools, techniques and results
- Liaising with the sales team to attend meetings and provide technical and sales guidance and material for services
- Responsible for updating and assisting with aspects of the hiring and on-boarding process
- Directing or performing targeted research in the sector
- Curating and updating internal wiki/knowledge bases with information

**Essential**

- My client are technically focused and as such we expect this to be a "hands-on" role, and not a purely management role. You will be expected to lead small and large-scale breach investigations for the client base and perform all technical levels of the investigation, from stakeholder communication to technical forensics, supported by their technical team.
- Pro-active approach to defining the business area and driving development of the above responsibilities
- Understanding of common enterprise network architectures including Windows-based Domains, *nix infrastructures and management, network segmentation
- Familiarity with common capabilities and resources of typical enterprises, including default logging and common barriers to forensic assessment and how these may be overcome
- Familiarity with common attacker MO
- Ability to craft custom approaches to ingesting and correlating data and to challenge or enhance the Blue Team's capabilities
- A range of soft skills including client-facing pre-sales, stakeholder management, planning, decision-making

**Desirable**

- Low-level understanding of the Windows and *nix OS architecture
- Low-level forensics experience (malware analysis, host analysis)
- In-depth understanding of the popular blue team products and capabilities including SIEMs, Splunk, EDR, IDS/IPS
- Detailed knowledge of the Cyber Kill Chain and specifically the common post-exploitation steps of modern adversaries
- Bachelor's degree

If this role sounds like something you would be interested in, please send your CV, ideally in Word format, via this site. If this role is not quite right for you but you would like to have a conversation about other roles, please search and connect with me, Cody Murphy, on LinkedIn.



  • Manchester, England, United Kingdom iO Associates Full time £125,000 - £150,000 per year

    Lead Incident Response Manager - Build It, Lead It, Own It. £125,000 + bonus | Hybrid (Manchester-based) | Clear path to Technical Director. When a cyber incident hits, you are the calm in the chaos. You take control, make the decisions, and guide clients through the storm. This is your opportunity to lead a fast-growing Incident Response function within a...

  • Senior Cyber Threat

    6 days ago


    Manchester, United Kingdom UK Home Office Full time

    A government agency is looking for a Cyber Security Response Manager to safeguard critical national infrastructure in Manchester. This role involves leading a team to manage cyber security incidents, utilizing threat intelligence, and ensuring an effective response to potential incidents. Candidates should have experience in Security Operations Centres,...


  • Manchester, United Kingdom Trades Workforce Solutions Full time

    A leading cybersecurity firm in the UK is seeking Cyber Incident Response Consultants/Managers to investigate advanced threats and deliver containment. Candidates should have proven experience in incident response and digital forensics, with strong knowledge of modern attack techniques. This hybrid role involves working with enterprise clients and offers...


  • Manchester, United Kingdom Greater Manchester Mental Health NHS Foundation Trust Full time

    The post holder will need to have good attention to detail, time management skills and a good knowledge and understanding of Microsoft Office Packages. The Incident Administrator will be responsible for the data quality checking, approval, monitoring of incidents and the preparation of investigation documentation surrounding incidents as required by the...

  • Incident Response

    1 week ago


    Manchester, United Kingdom IO Associates Full time

    Incident Response - Recovery Specialist. Salary: Up to £60,000 DOE. Location: Manchester (with travel at short notice). Step into a role where your expertise makes an immediate and measurable impact. We're recruiting on behalf of a fast-growing cyber security organisation that specialises in incident response, recovery and digital forensics. This is a unique...

  • Incident Response

    1 week ago


    Manchester, United Kingdom INOVERSE GROUPE Full time

    Incident Response - Recovery Specialist - Manchester Join to apply for the Incident Response - Recovery Specialist - Manchester role at INOVERSE GROUPE Salary: Up to £60,000 DOE Location: Manchester (with travel at short notice) Step into a role where your expertise makes an immediate and measurable impact. Why This Role Stands Out You’ll be the person...

  • Incident Response

    6 days ago


    Manchester, United Kingdom iO Associates Full time

    Incident Response - Recovery Specialist - Manchester. Salary: Up to £60,000 DOE. Location: Manchester (with travel at short notice). Step into a role where your expertise makes an immediate and measurable impact. We’re recruiting on behalf of a fast‑growing cyber security organisation that specialises in incident response, recovery and digital forensics. This...

  • Senior Manager

    1 week ago


    Manchester, United Kingdom Deloitte LLP Full time

    Cyber Risk & Security. Everybody’s talking about it. Every major corporation is concerned by it. The Government is investing £1.9 billion in tackling it. We’re shaping strategies and transforming technology to minimise it and we need you to join us. You’ll build strong relationships within a Cyber practice with some 300 FTE extremely talented people....

  • Incident Response

    6 days ago


    Manchester, United Kingdom IO Associates Full time

    Incident Response - Recovery Specialist. Salary: Up to £60,000 DOE. Location: Manchester (with travel at short notice). Step into a role where your expertise makes an immediate and measurable impact. We're recruiting on behalf of a fast-growing cyber security organisation that specialises in incident response, recovery and digital forensics. This is a unique...

  • Incident Response

    2 weeks ago


    Manchester, United Kingdom IO Associates Full time

    Job Description: Incident Response - Recovery Specialist. Salary: Up to £60,000 DOE. Location: Manchester (with travel at short notice). Step into a role where your expertise makes an immediate and measurable impact. We're recruiting on behalf of a fast-growing cyber security organisation that specialises in incident response, recovery and digital forensics. This is...