At a Glance
- Tasks: Create top-notch cyber security training content using your real-world incident response experience.
- Company: Join a fully remote, innovative team at TryHackMe.
- Benefits: Enjoy flexible hours, a £2,500 training budget, and annual company retreats.
- Other info: Collaborative environment with opportunities for personal development and mentorship.
- Why this job: Make a difference by teaching the next generation of cyber security professionals.
- Qualifications: Significant hands-on experience in cyber security roles like Incident Responder or Threat Hunter.
The predicted salary is between 60000 - 80000 £ per year.
We're looking for experienced incident responders and blue team practitioners to join our Content Engineering team. Your job is simple in concept: take what you know from real world IR work and turn it into world class training content. You’ll take your years of real world experience and teach your peers and the next generation.
Job Responsibilities
- Research, design, and develop defensive cyber security training material with supporting hands‑on lab exercises (such as virtual machines and datasets for analysis).
- Draw on your real world IR experience to build realistic, scenario‑driven labs that reflect how attacks actually unfold in enterprise Windows environments.
- Develop and configure virtual machines and sample datasets for realistic cybersecurity labs.
- Collaborate closely with your team by sharing expertise, reviewing each other's work, and raising the quality bar collectively.
- Take charge of planning and designing portions of the content development roadmap.
- Collaborate with the Head of Content Engineering to continuously improve the content development process.
- Analyse industry trends in tooling and techniques and recreate them as teachable content.
- Strategically plan, review, and schedule content with our blue team content engineering team.
Technical Skills & Experience
To be considered for this opportunity, you must have significant hands on relevant cyber security industry experience in roles such as Incident Responder, Threat Hunter, Digital Forensics Investigator or L3 SOC Analyst. You should also demonstrate:
- Proven, hands‑on experience responding to real incidents in Windows environments.
- Triaging compromised endpoints, analysing forensic artefacts, and reconstructing attacker timelines from initial access through to impact.
- Solid grounding in Windows forensics and artefact analysis – event logs, registry hives, NTFS artefacts, and memory/disk forensics – with the ability to extract attacker activity from both live systems and forensic images.
- Working knowledge of offensive techniques used against Windows and Active Directory environments, including credential dumping, privilege escalation, Kerberos‑based attacks, and lateral movement, and critically, how to detect them in forensic artefacts, contain them during live response, and prevent recurrence.
- Hands‑on familiarity with attacker tooling and tradecraft – fileless execution, living‑off‑the‑land techniques (LOLBins), common exfiltration methods, and ransomware deployment patterns – including the TTPs of active APT groups and ransomware‑as‑a‑service operators.
- Experience with DFIR collection tooling such as EZ Toolset, Velociraptor, KAPE, or equivalent with an understanding of how to conduct IR at scale across enterprise environments.
- Strong verbal and written English communication skills, essential for conveying complex technical concepts.
Preferred Skills (nice‑to‑have)
- Any experience creating training content, writing documentation, or explaining technical concepts to others either formally or informally.
- Deeper expertise in one or more specialist areas: Active Directory attack paths (Kerberoasting, DCSync, ADCS), memory forensics (MemProcFS, Volatility), or advanced NTFS analysis.
- Creating challenges for capture the flags (CTFs).
- Experience leading, coaching, or mentoring others.
- Certifications such as GIAC Certified Incident Handler (GCIH), GIAC Certified Enterprise Defender (GCED), Security Analyst Level 2 (SAL2), Certified Forensic Analyst (GCFA).
Benefits & Perks
- 100% Remote - In a fully digital world, work from anywhere you want!
- Flexi Time - Choose your own hours as long as you have at least 4 hours of overlap with the UK timezone (from 8am - 6pm).
- Tools - a dedicated work laptop + any accessories you need to do your best work.
- Swag Pack - start your TryHackMe journey with a branded swag bundle!
- Personal Development - £2,500 training budget to acquire certifications, and more.
- Company Retreat - an annual company retreat, fully paid for by us!
- Lunch on us - whether you're a pizza‑lover, salad obsessed or a big sushi fan, TryHackMe will cover the cost of your lunch order during our recurring company virtual lunches.
- Health Insurance - if you're in a country that doesn't have public health care.
- Enhanced Maternity & Paternity - an enhanced package on top of statutory requirements.
- 401k / Pension - TryHackMe makes it easy to save money for your retirement.
Senior Windows IR Practitioner | Cyber Security Training in London employer: TryHackMe Ltd
At TryHackMe Ltd, we pride ourselves on being an excellent employer that values flexibility and employee growth. Our remote work culture fosters a supportive environment where you can thrive while building meaningful client relationships in the dynamic field of cybersecurity. With competitive salaries, comprehensive benefits including health insurance and a training budget, as well as opportunities for professional development, we are committed to your success and well-being.
StudySmarter Expert Advice🤫
We think this is how you could land Senior Windows IR Practitioner | Cyber Security Training in London
✨Tip Number 1
Network like a pro! Reach out to your connections in the cyber security field, attend industry events, and join online forums. The more people you know, the better your chances of hearing about job openings before they even hit the market.
✨Tip Number 2
Show off your skills! Create a portfolio showcasing your incident response work, training materials, or any labs you've developed. This will give potential employers a taste of what you can bring to the table and set you apart from the competition.
✨Tip Number 3
Prepare for interviews by brushing up on your technical knowledge and practising common interview questions. We recommend doing mock interviews with friends or colleagues to build confidence and get feedback on your responses.
✨Tip Number 4
Don't forget to apply through our website! It’s the best way to ensure your application gets seen by the right people. Plus, it shows you're genuinely interested in joining our team at StudySmarter!
We think you need these skills to ace Senior Windows IR Practitioner | Cyber Security Training in London
Some tips for your application 🫡
Show Off Your Experience:When you're writing your application, make sure to highlight your real-world incident response experience. We want to see how your hands-on skills translate into creating top-notch training content.
Be Clear and Concise:Use straightforward language to explain your technical expertise. We appreciate clarity, so avoid jargon where possible and focus on making your points easy to understand for everyone.
Tailor Your Application:Make sure to customise your application to reflect the specific skills and experiences mentioned in the job description. This shows us that you’ve done your homework and are genuinely interested in the role.
Apply Through Our Website:Don’t forget to submit your application through our website! It’s the best way for us to keep track of your application and ensure it gets the attention it deserves.
How to prepare for a job interview at TryHackMe Ltd
✨Showcase Your Real-World Experience
Make sure to highlight your hands-on experience in incident response and Windows forensics during the interview. Share specific examples of incidents you've handled, detailing your approach and the outcomes. This will demonstrate your practical knowledge and how it can translate into creating effective training content.
✨Prepare Scenario-Driven Labs
Since the role involves developing realistic labs, think about how you can turn your experiences into engaging training scenarios. Prepare a couple of ideas or outlines for labs that reflect real-world attacks in Windows environments. This shows your creativity and understanding of what learners need.
✨Collaborate and Communicate
Emphasise your ability to work collaboratively with teams. Be ready to discuss how you've shared expertise and improved processes in previous roles. Good communication skills are essential, so practice explaining complex concepts clearly and concisely, as this will be crucial in your new role.
✨Stay Updated on Industry Trends
Research current trends in cyber security, especially those related to Windows environments and incident response. Be prepared to discuss recent developments or tools you've encountered. This shows your commitment to continuous learning and your ability to bring fresh insights to the team.