Incident Response Analyst

Pentest People is a UK-based security consultancy specialising in providing Penetration Testing as a Service to all its clients. Our innovative approach to security testing merges the benefits of consultant-led penetration testing with ongoing vulnerability assurance through our advanced SecurePortal. This provides clients with a continuous, living threat management system throughout the duration of the contract, rather than a single point-in-time assessment. We’re expanding our Incident Response team and looking for an Incident Response Analyst to join us in tackling some of the most challenging cybersecurity threats.

The role requires analytic thinking, problem solving skills and the ability to work in a fast-paced environment. As part of our dynamic team, you will play a critical role in reducing the impact of cyberattacks and enhancing our clients' security posture to prevent future attacks.

Key responsibilities include:

• Conducting initial incident assessments and contributing to Incident Response management.
• Participating in live Incident Response operations including digital forensics.
• Performing security assessments, threat intelligence gathering and OSINT analysis.
• Collaborating with other departments to facilitate a holistic cybersecurity service.
• Engaging with clients on a day-to-day basis and getting access to relevant logs and clients' infrastructure for performing digital forensics.
• Documenting incidents thoroughly, including timelines, affected systems, actions taken, and recommendations for future improvements.
• Preparing comprehensive reports for clients.

Technical skills:

• Demonstrated experience in responding to and investigating incidents whilst utilising various monitoring, detection and investigation tooling – SIEM, SOAR, EDR etc.
• Proficiency in log analysis of Networking, Windows, Mac and Linux and Cloud.
• Understanding of evidence collection process based on priority.
• Strong understanding of incident response following NIST 800-61 guidelines incorporating containment, eradication and recovery phases.
• Experience with digital forensics and investigations, including evidence collection and chain-of-custody protocols.
• Understanding of tabletop exercises, and IR planning.
• Understanding of Technical Frameworks such as MITRE Attack, Lockheed Martin kill chain or Diamond model.
• Ability to perform dynamic malware analysis.

Qualifications:

• Certifications such as ECIH, Security +, BTL1, Cysa+, SC-200 are good to have.
• Knowledge of open-source IR tools, such as Velociraptor, Eric Zimmerman Tools, Chainsaw, Volatility, SOF-elk, DFIR IRIS.
• Experience in Python or Bash or Go.

About you:

• Experience in managing stakeholders during live incidents to minimise impacts.
• Strong communication skills, with the ability to manage and coordinate various incidents whilst remaining calm under pressure.
• Ability to align client deliverables with industry best practices.
• Experience in threat intelligence and analysis to support proactive IR.
• Capable of taking ownership of tasks, ensuring quality delivery and supporting the IR's team growth.

While this role is advertised as remote, it will require occasional visits to client sites and the office as needed. Candidates must be based in the UK and have the right to work, as we are unable to provide sponsorship at this time. If you do not have SC eligibility, you must meet the requirements for SC, as this may be a necessary criterion.

Pentest People is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.