Senior Incident Response Consultant

About CFC Response

CFC Response is the cybersecurity arm of CFC Underwriting, a specialised cyber insurance provider with a track record of disrupting inefficient markets and developing proprietary technology to deliver high-quality products and services to faster than the competition.

With 700+ employees across our offices spanning the UK (London HQ), US (New York and Austin), Europe (Belgium) and Australia (Brisbane); CFC serves 100,000+ businesses in 80+ countries. We’re privately owned and growing faster than any of our competitors in the market.

Although insurance is a serious business, our culture isn’t overly corporate, and we never take ourselves too seriously. We invest in the learning, development and growth of our employees and enjoy an inclusive working atmosphere that is friendly, supportive, and fun.

Role Details

This a technical incident response role whose primary focus is investigating the root cause of a given cyber incident and communicating the subsequent findings to the respective insured/client. As part of this undertaking, you will be working alongside and leading small teams of IR industry professionals who are responding to novel and complex threat campaigns, at scale, and across the globe. Furthermore, you will be supported by a wider team of experts who will manage the interface with the insured/client and coordinate the associated technical containment and recovery activities.

Key responsibilities & accountabilities

· Mentor and develop team members during proactive and responsive cyber engagements.

· Conduct host, network, and application forensic investigations to identify Indicators of Compromise (IOCs) and determine the subsequent root cause of a given cyber incident.

· Ascertain through analysis the extent of a respective compromise, detail attributes of any related threat actor tooling and malware, and if possible, determine if any data was exfiltrated.

· Author comprehensible forensic findings reports that detail the attack timeline from initial intrusion through to final objective, and provide appropriate recommendations to remediate findings.

· Maintain expert knowledge of forensic tools, industry best practices, and associated threat actors Tools, Techniques, and Procedures (TTPs).

Essential Skills, Knowledge, and Experience

· 3 – 5 years experience in cyber incident response investigations.

· Experience collecting and analysing electronic media, packet capture, log data, and network devices data to determine root cause.

· Experience collecting data from and performing forensic analysis on Cloud-based services (G-Suite, Office 365 etc.).

· Deploying and utilising EDR tools during incidents (Carbon Black, SentinelOne, Huntress etc.).

· Excellent planning, organisational, and communication skills.

· Relevant Technical industry certifications such as CISSP, GCIH, GCFA, or equivalent.

The information contained within this job description is not intended to be an all-inclusive list of the duties and responsibilities of the role. The role holder may be required to perform other related duties as assigned. CFC Underwriting Limited may at its discretion, assign or reassign duties and responsibilities as appropriate.