Senior Incident Response Consultant

Worker Sub-Type:
Regular

**Job Description**:
Senior Incident Response Consultant

Be part of something special; come join the BlackBerry Incident Response team

BlackBerry® - the iconic brand you know and trust - is now a market leading cybersecurity software and services company.

Creating the gold standard for unified endpoint security (UES) and unified endpoint management (UEM),

BlackBerry Spark

offers the broadest set of security capabilities, management tools and visibility covering people, devices, networks, apps, and automation. BlackBerry Spark leverages artificial intelligence (AI), machine learning and automation to provide improved cyber threat prevention and remediation, while offering visibility across all endpoints for better management and control.

Among the first to market with full sixth generation Artificial Intelligence (AI) for cybersecurity, BlackBerry Spark helps users understand risks and make smart decisions to mitigate them before they happen. Named by Cybersecurity Ventures as 1 of the top 150 companies to watch, our top customers include all the G7 governments, 9 of the top 10 global financial institutions & automotive OEMs, as well as the largest global aerospace, defense, healthcare and media companies.

Come join us as we deliver ‘Intelligent Security. Everywhere.’

Are you the person we are looking for?

As part of our highly specialised Cybersecurity Delivery team, you’ll undertake complex and sensitive engagements, providing enterprise forensic consultancy services to customers at the executive and senior management levels as well as within technical and non-technical teams. Using your extensive technical skills and knowledge, you’ll ensure that we maintain the high standards that we provide to our customers, working against advanced attackers who are ingrained in complex customer environments while providing tailored containment and remediation advice.

In return for your talent and enthusiasm, we will provide you with exciting projects to work on, and an attractive compensation & benefits package. You’ll also have the opportunity to thrive in a dynamic environment, working alongside outstanding colleagues who will push you to grow as a consultant and as a forensic expert. In short, you bring the talent and we provide the environment, tools and resources for you to succeed and accelerate your growth & development.

In this role, you will:

- Take a lead role in client investigation and response engagements, influencing the response strategy with stakeholders from technical to senior management
- Report and present detailed results and recommendations to both technical and non-technical stakeholders
- Work in partnership with BlackBerry Cybersecurity sales teams, demonstrating the capacity and ability of the forensics business to potential clients
- Collect and investigate data from a wide range of systems and software to understand the attacker activity and produce a containment strategy
- Engage in skills transfer both internally and, when required, with customers.
- Work to respond in real time to advanced attackers in complicated and fluid environments
- Work with an enthusiastic and expert team to contribute to keeping the methodology at the cutting edge
- Collaborate with the other cyber security teams to add value to BlackBerry’s suite of service offerings

Ideally, you will have:

- Experience performing Digital Forensics and Incident Response (DFIR) investigations on multiple Operation Systems, e.g., Windows, Mac, Linux, and network appliances
- Tool agnostic with an emphasis on knowing the forensic artifacts themselves versus relying on tool output
- Knowledge of and the ability to use popular EDR technologies during DFIR engagements
- Experience analyzing a myriad of system and network logs using Splunk and/or ELK
- Experience responding to APT style targeted attacks, with a good understanding of operational security concepts during live breaches
- Knowledge of threat hunting and knowledge of the artifacts necessary to review while threat hunting
- Ability to triage and analyze malware dynamically within a virtual environment to quickly gain a set of IOCs during an IR engagement
- Ability to clearly interact with our clients and their executive leadership
- Creative problem-solving self-starter, and an analytic and qualitative eye for reasoning
- Ability to work with a remote team via collaboration tools
- Strong documentation skills, ability to write executive and technical DFIR reports

Useful but not essential:

- Proficient in either Python, PowerShell or Shell Scripting
- Knowledge performing DFIR investigations in Cloud environments (Azure, O365, AWS, and Google)
- Incident response certifications such as those offered by SANS/CREST/GIAC
- Experience of ‘deep-dive’ and individual host forensic analysis
- Experience performing memory analysis as part of an incident response engagement
- Any languages in addition to English

An Absolute