Cyber Incident Response Consultant (UK) - Dionach by Nomios

This role offers flexibility to work remotely from your own home, or as a hybrid arrangement and work from our offices in Oxford or Glasgow, if preferred. There is also a requirement for flexibility from employees to visit client sites across the UK as part of this role.

The role will also include being on the on‑call rota and incident response handling during on‑call duties. Therefore, there may be occasions when you need to work evenings, weekends and bank holidays.

Since being acquired by Nomios in late 2024, Dionach by Nomios has continued its dynamic growth as a leading information security company. Specializing in penetration testing and information assurance services, we offer an incredible opportunity to be part of an experienced team, build your skills, and grow professionally. Dionach by Nomios holds impressive certifications, including CREST, CHECK, PCI QSA, and ISO 27001. With our focus on enhancing customers’ security and fostering team development, you’ll be joining a company that prioritizes both your growth and the safety of our clients. We’re in an exciting phase of expansion and are looking for self‑motivated individuals ready to thrive in a fun, flexible environment. At Dionach by Nomios, your contributions will have a genuine impact on the business, and you’ll find opportunities for both interesting work and career development.

Benefits

• Hybrid Working: Flexibility to work remotely or use our UK offices around client visits.
• Professional Growth: Time for skill development.
• Well‑being Focus: Enhanced annual leave of 25 days + bank holidays, private health insurance, Specsavers vouchers, income protection and EAP scheme.

Our Commitment to Diversity and Inclusion

At Dionach by Nomios, we believe that diversity fuels innovation. We’re dedicated to creating an inclusive workplace where everyone feels valued and respected. We welcome applications from all backgrounds, perspectives, and experiences, and we’re committed to being an equal opportunity employer. We do not discriminate based on race, religion, gender, age, disability, or any other legally protected status. We encourage candidates from underrepresented groups to apply and are committed to providing a supportive and accessible environment for all our employees. If you require accommodations during the application process, let us know, and we’ll work to meet your needs.

What You’ll Do

• Acquisition and analysis of forensic sources to triage client incidents.
• Timelining of relevant technical events and business activities to establish end‑to‑end overview of adversary movement and techniques.
• Provide consultancy on BAU to help establish operations during critical incidents, and support client mitigation and recovery efforts.
• Reverse engineer malware samples when necessary to discover actionable indicators of compromise.
• Perform threat hunting across client estates driven by investigation findings and Mitre ATT&CK tactics.
• Analyse and correlate threat intelligence data from external sources to augment investigation findings.
• Develop service capabilities through the design of infrastructure and tooling to increase efficiency and accuracy.
• Deliver client workshops such as tabletop exercises and staff training.
• Deliver detailed reports presenting all investigation findings required by internal or external stakeholders including possible legal body involvement.
• Assist clients with the creation and maintenance of incident response policy and procedures.

What We’re Looking For

• Significant experience in Cyber Incident Response (CIR) plans and preparedness assessment.
• Experience of multiple incidents and use of technical skills during a cyber‑attack, including identification, containment, and eradication of attacks.
• Expertise in digital forensic investigation.
• Experience of leading customer engagements on‑site.
• Experience of working as the solo consultant on jobs and of working in teams.
• Excellent technical writing skills with the ability to write a post‑incident report summary for a non‑technical audience.

Key Attributes

• Holding a CREST Cyber Incident Response (CIR) certification.
• Proactive at writing technical documents and improving processes.
• Outstanding verbal communication skills with the ability to explain things in a clear and non‑technical way.
• Ownership and leadership on developing and providing training courses.
• Understanding and/or previous experience in penetration testing, red teaming, or technical security assessments.

Are you an experienced Cyber Incident Response Consultant looking to further improve your skills and take on more responsibilities? If so, this opportunity is perfect for you!