Incident & Response Manager Ref. JOB-072021-147696_1627641193

Our client, a global professional services leader, is seeking an Incident & Response Manager to join their best-in-class cyber security function. The role will pay up to a c£75,000 basic - excluding benefits (bonuses, pension, healthcare, choices etc.) and will be remotely based to begin with.

This is a hands-on and operational management role with opportunities to grow into service line leadership. The successful candidate is expected to manage a broad range of cyber-security incidents as well as perform digital forensics (disk, volatile memory, network packets, logfiles) and help advance KPMG's incident response processes and methodologies.

When not responding to incidents, you may be helping our clients to build their in-house incident response capabilities, which could include: building and developing cyber-response tools, authoring and adapting runbooks/playbooks, assessing the incident response maturity, assisting in table-top cyber-scenario exercises. When not engaged in client work, you will be helping to develop our own delivery capability, including operational efficiency, standard operating procedures, team learning and development, tooling and platforms, lab development and orchestration.

Our clients expect that cyber-incidents will be tackled with urgency, therefore, there is an expectation that you will be flexible in terms of working hours. In addition, you should be prepared to travel on short notice for periods up to 2 or 3 weeks at a time.

Responsibilities

* Manage and co-ordinate cyber security incidents for our clients, working closely with the head of cyber response.
* Maintaining a current view of the cyber threat, and being able to advise clients on the threat landscape and attacks which may be relevant to them.
* Assess client incident response capability maturity.
* Production and review of deliverables to a high standard.
* Liaising with clients on delivery, implementation and project issues.
* Ability to generate well-structured responses to bids and requests for proposals.

Qualifications and Skills

The successful candidate will demonstrate competency in computing and networks as well as in cyber-security either by having the relevant work experience, completed a degree or obtained industry relevant certification. Therefore the qualifications below should be seen as means to demonstrate competency and not as a requirement. The desired skill and qualification is provided below:

* Excellent communication skills (both written and oral) and project management skills.
* Technical proficiency in at least one of these areas: network security/traffic/log analysis; Linux and/or Mac/Unix operating system forensics; Linux/Unix disk forensics (ext2/3/4, HFS+, and/or APFS file systems), advanced memory forensics, static and dynamic malware analysis / reverse engineering, advanced mobile device forensics
* Advanced experience in industry computer forensic tools such as X-Ways, EnCase, FTK, Internet Evidence Finder (IEF) / AXIOM, TZWorks, and/or Cellebrite
* Advanced experience in preservation of digital evidence (including experience preserving cloud data and handling encryption such as BitLocker, FileVault, and/or LUKS)
* Experience with and understanding of enterprise Windows security controls
* (Preferred) Degree level qualified, MSc in Information Security, IT or relevant STEM subjects.
* (Preferred) General information security certificates such CISSP, CISM or CISA.
* (Preferred) Incident management certifications such as:
* CREST certified incident manager (CCIM).
* GIAC Certified Incident Handler (GCIH)
* (Preferred) Digital forensics certificates such as:
* CREST certified registered intrusion analyst (CRIA),
* CREST certified network intrusion analyst (CCNIA),
* CREST certified host intrusion analyst (CCHIA),
* CREST certified malware reverse engineer (CCMRE),
* GIAC Certified (Network) Forensic Analyst (GCFA, GNFA)
* (Preferred) A current government security clearance (SC/DV) or willingness to acquire s