At a Glance
- Tasks: Lead incident response efforts, investigate security incidents, and communicate findings to stakeholders.
- Company: CyberArk is a global leader in Identity Security, trusted by top organisations to protect critical assets.
- Benefits: Enjoy a diverse workplace, opportunities for growth, and the chance to work with cutting-edge technology.
- Why this job: Join a dynamic team where you can make a real impact in cybersecurity and develop your skills.
- Qualifications: 4+ years in incident investigations, strong communication skills, and experience with EDRs and forensics required.
- Other info: CyberArk values diversity and inclusion, ensuring all applicants are considered equally.
The predicted salary is between 43200 - 72000 £ per year.
Company Description
About CyberArk :
CyberArk (NASDAQ: CYBR), is the global leader in Identity Security. Centered on privileged access management, CyberArk provides the most comprehensive security offering for any identity – human or machine – across business applications, distributed workforces, hybrid cloud workloads and throughout the DevOps lifecycle. The world's leading organizations trust CyberArk to help secure their most critical assets. To learn more about CyberArk, visit our CyberArk blogs or follow us on X, LinkedIn or Facebook.
Job Description CyberArk is seeking a highly skilled security professional who can go beyond traditional incident response: deliver end-to-end incident resolution, guide crisis management efforts, and uncover stealthy adversaries through threat hunting and forensic analysis. As a hands-on technical expert, you will work shoulder-to-shoulder with customers, transforming chaos into clarity while safeguarding some of the world's most critical infrastructures. As part of our incident response team, you'll do more than react to cyberattacks – you'll lead the charge in stopping attackers cold. You must triage existing threats identified by customers and identify possible new threats unknown to the client in large environments that range from simple to sophisticated. Discovery is conducted using existing and cutting-edge tools, either within the customer's existing environment or through newly deployed solutions. Responsibilities:
- Investigate and analyze incidents with EDR systems to respond to ongoing security incidents in real-time.
- Develop Incident Response initiatives that improve our ability to effectively respond to and remediate security incidents.
- Communicate findings and strategies to technical staff, executive leadership, legal counsel, and internal and external customers.
- Create and present technical reports and timelines to customers.
- Trace malware activity and patterns, and understanding how to remove malware non-destructively.
- Recognize attacker Tactics, Techniques, and Procedures (TTPs) and Indicators of Compromise (IOC) and apply to future incident response events.
- Reverse binary files to determine the legitimacy and extract IOCs when possible.
- Conduct forensic examinations on physical devices and perform analyses on live and collected memory.
- Create and refine detection and incident response playbooks.
- Collaborate with internal teams, influence tool development, and direct which tools are used to investigate and contain incidents.
- Produce high-quality written reports, presentations, and recommendations for key stakeholders, including customer leadership and legal counsel.
- Establish a collaborative environment for sharing data on machine timelines and suspicious events.
- Create operational metrics, key performance indicators (KPIs), and service level objectives to measure team competence.
#LI-CB1
Qualifications
- 4+ years' experience working with incident investigations utilizing EDRs, SIEMs, and containment procedures.
- 4+ years' experience with network, disk, memory, and cloud forensics.
- Minimum 1 year of experience leading Incident Response investigations and performing: network/log forensics, malware analysis, disk forensics, and memory forensics.
- Excellent time and project management skills with strong written and verbal communication abilities, capable of creating clear documentation and conveying complex technical concepts concisely.
- Skill in building and maintaining effective relationships with customers, managing expectations, and ensuring seamless collaboration to achieve shared objectives.
- Experience in deploying software within customer environments using tools such as Intune, SCCM, GPO, AWS System Manager, Azure Automation, Ansible, Puppet, JAMF, and scripts.
Experience with the following:
- EDRs such as CrowdStrike Falcon, SentinelOne, MDE
- Leading projects and debriefing customers
- Creating and modifying scripts
- Enterprise security architecture and security controls.
- Malware triage analysis and disk or memory forensics for Windows, macOS, or Linux
- Software deployment tools like Intune, JAMF, Ansible, Puppet, SCCM, CPO, and AWS System Manager.
Preferred experience:
- Familiarity with collection tools like Splunk, Kibana, or the ELK Stack.
- Experience conducting forensic triage and analysis across cloud environments: Azure, AWS, and GCP logs, etc.
Preferred certifications:
- GCIH, GX-FA, GNFA, GREM, GCIA, CREST CPIA, CREST CFIA, CFCE, CEH, etc.
Additional Information We are proud to foster a diverse and inclusive workplace, where every individual's unique background, perspective, and contribution is celebrated. We believe that by embracing diversity, we drive innovation and create a stronger, more united team. Inclusion is at the heart of who we are and how we succeed. All qualified applicants will receive consideration for employment without regard to race, colour, age, religion, sex, sexual orientation, gender identity, or disability. Upon conditional offer of employment, candidates are required to complete a comprehensive background check as per our internal policy. CyberArk is an equal opportunities employer. If you would like any special arrangements made for your interview, please inform the EMEA Talent Acquisition team upon your application so that we may take steps to accommodate your needs. #J-18808-Ljbffr
Lead Incident Response Consultant (London) employer: CyberArk
Contact Detail:
CyberArk Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Lead Incident Response Consultant (London)
✨Tip Number 1
Familiarise yourself with the latest EDR and SIEM tools mentioned in the job description, such as CrowdStrike Falcon and SentinelOne. Being able to discuss your hands-on experience with these tools during interviews will demonstrate your technical expertise.
✨Tip Number 2
Stay updated on current cyber threats and trends in incident response. Being knowledgeable about recent incidents and how they were handled can help you engage in meaningful discussions with the interviewers.
✨Tip Number 3
Prepare to showcase your leadership skills by discussing past experiences where you led incident response investigations. Highlighting your ability to manage teams and communicate effectively with stakeholders will set you apart.
✨Tip Number 4
Network with professionals in the cybersecurity field, especially those who work in incident response. Engaging with industry peers can provide insights into the role and may even lead to referrals or recommendations for the position.
We think you need these skills to ace Lead Incident Response Consultant (London)
Some tips for your application 🫡
Tailor Your CV: Make sure your CV highlights relevant experience in incident response, EDR systems, and forensics. Use specific examples that demonstrate your skills in managing security incidents and leading investigations.
Craft a Compelling Cover Letter: In your cover letter, express your passion for cybersecurity and detail how your background aligns with CyberArk's mission. Mention specific projects or experiences that showcase your ability to handle complex security challenges.
Showcase Technical Skills: Clearly list your technical skills related to EDRs, SIEMs, and forensic analysis. Include any relevant certifications you hold, as well as your experience with tools like CrowdStrike Falcon or Splunk, to demonstrate your expertise.
Prepare for Technical Questions: Anticipate technical questions related to incident response and be ready to discuss your methodologies. Prepare to explain your approach to threat hunting and how you've successfully resolved incidents in the past.
How to prepare for a job interview at CyberArk
✨Showcase Your Technical Expertise
As a Lead Incident Response Consultant, you'll need to demonstrate your deep understanding of EDR systems, SIEMs, and forensic analysis. Be prepared to discuss specific tools you've used, such as CrowdStrike or Splunk, and share examples of how you've successfully managed incidents in the past.
✨Communicate Clearly and Effectively
You'll be required to convey complex technical concepts to various stakeholders. Practice explaining your past experiences in a way that is accessible to non-technical audiences, ensuring you can articulate your findings and strategies clearly during the interview.
✨Prepare for Scenario-Based Questions
Expect to face scenario-based questions that assess your problem-solving skills in real-time incident response situations. Think through potential incidents you’ve handled and be ready to explain your thought process, actions taken, and the outcomes achieved.
✨Demonstrate Leadership and Collaboration Skills
Since this role involves leading investigations and collaborating with internal teams, highlight your experience in managing projects and working with diverse groups. Share examples of how you've built effective relationships with customers and influenced tool development in previous roles.