At Quorum Cyber we help good people win. Founded in Edinburgh in 2016, our expert team of security analysts, incident responders, forensic specialists, and threat hunters leverage the best Microsoft security technologies to defend organisations worldwide against cyber security breaches and attacks. As a Microsoft-only house we provide a unified security ecosystem, offering a collection of simple, innovative Professional and Managed Security Services, delivered through our own platform Clarity. Our key Managed Security Services include: - Azure Sentinel Security Operations Centre (SOC) and Managed Detection and Response (MDR) - Managed Microsoft Defender - CREST Vulnerability Management - Phishing Protection & Simulation. Our Professional Security Services provide a wide range of advisory, risk assessment, incident response and compliance solutions, with the aim to help organisations manage their exposure to cyber risk over time, increase resilience to business disruption, and achieve measurable returns on investment. Our commitment to quality can be evidenced by the growing collection of certifications and accreditations we’ve secured over the years, including Microsoft Gold Partner status, Microsoft Intelligent Security Association (MISA) and CREST Accreditation: Vulnerability Assessments, Penetration Testing and Cyber Security Incident Response. We are proud winners of the Scottish Cyber Awards and Digital Technology Awards for our innovate, in-house built services.

The Cyber Incident Response Consultant is responsible for the investigation and analysis of cyber incidents. Their primary role is in the triage, containment, and eradication of threats within an environment, ensuring as they do that evidential collection and integrity is maintained by all persons involved throughout the course of the incident.

The Cyber Incident Response Consultant is expected to act as a subject matter expert to clients by providing root cause analysis and clearly communicating facts about an incident in an empathetic manner at an appropriate technical level for the audience.

What I do is:

Incident Response

• Investigate cyber security incidents and threats.
• Understand and track malware and threat actor movements and behaviour on individual devices and across networks.
• Interact with stakeholders and leadership teams as part of the response and remediation efforts.
• Improve the detection, escalation, containment, and resolution of incidents.
• Enhance existing incident response methods, tools, and processes.
• Maintain knowledge of technologies and the threat landscape.
• Assist during non-core business hours during an emergency, critical, or large-scale incident.
• Analyse collected artifacts in order to determine timelines and process and threat actor actions.
• Work with the Threat Intelligence team to integrate findings on to our Threat Intelligence database.

Investigation Analysis and Consultation

• Understand the organizations, and our customers missions, values, operations, goals, risks, and risk tolerance.
• Maintains situational awareness for cyber threats across the organization and drive the appropriate or commensurate response activities, where necessary.
• Understand and connects threats to the risks of the organization to provide appropriate capabilities and services
• Provides consultative advice and coaching to cybersecurity customers to help them make informed risk management decisions

Customer Engagement

• Present and communicate findings, recommendations, and status updates of active investigations.
• Assists teams (internally and externally) in various security and privacy risk mitigation.
• Provide Incident Response Readiness Assessments of client’s Incident Response Plans and Playbooks
• Provide Executive/Board level training in Cyber Security and Incident Response
• Facilitate Cyber Incident Exercising with clients

The skills and attributes we need you to have are:

• Technical Expertise
• Customer Centricity
• Thinking Clearly Under Pressure
• Analytical Skills / Problem-solving
• Focussed on Detail
• Great Communication Skills
• Curious and innovative
• Great team player

Other information

I know I have done a great job if:

• I have brought client cyber security incidents to a timely resolution
• Clients express their satisfaction following post-incident reporting and debrief
• I have worked to ensure nonrepudiation of findings or investigative methods
• I’ve created publications of client anonymised use cases
• I have worked closely with my colleagues to improve our current methodologies
• Positive Incident Response Readiness Assessment engagements

You will get an excellent salary, with world class benefits (private health, unlimited holidays, flexible working). As leading-edge technology company you will have access to the latest technology, and an environment that will encourage and nurture your curiosity. We are passionate about your development, and you will be empowered to advance your skills and expertise.