Incident Response Consultant, BlackBerry Cylance

Job Description:

Be part of something special; come join the BlackBerry Cylance Incident Response team!

**Open to locations across Europe, not just the UK, office and remote**

BlackBerry Cylance®, a subsidiary of BlackBerry, is revolutionizing cyber security with products and services that proactively prevent, rather than reactively detect, the execution of advanced persistent threats and malware. Our technology is deployed on over four million endpoints and protects hundreds of enterprise clients worldwide, including Fortune 100 organizations and government institutions. Our native AI solutions deliver the threat prevention, detection, and response capabilities security teams need to maximize their own expertise with better insight, and in turn drive better informed strategic security decisions.

It’s an exciting time to join us!

As part of our highly specialised Cybersecurity Delivery team, you’ll undertake complex and sensitive engagements, providing enterprise forensic consultancy services to customers at the executive and senior management levels as well as within technical and non-technical teams. Using your extensive technical skills and knowledge, you’ll ensure that we maintain the high standards that we provide to our customers, working against advanced attackers who are ingrained in complex customer environments while providing tailored containment and remediation advice.

In return for your talent and enthusiasm, we will provide you with exciting projects to work on, and an attractive compensation & benefits package. You’ll also have the opportunity to thrive in a dynamic environment, working alongside outstanding colleagues who will push you to grow as a consultant and as a forensic expert. In short, you bring the talent and we provide the environment, tools and resources for you to succeed and accelerate your growth & development.

In this role, you will:

  • Take a lead role in client investigation and response engagements, influencing the response strategy with stakeholders from technical to senior management
  • Report and present detailed results and recommendations to both technical and non-technical stakeholders
  • Work in partnership with BlackBerry Cylance Cybersecurity sales teams, demonstrating the capacity and ability of the forensics business to potential clients
  • Collect and investigate data from a wide range of systems and software to understand the attacker activity and produce a containment strategy
  • Engage in skills transfer both internally and, when required, with customers
  • Work to respond in real time to advanced attackers in complicated and fluid environments
  • Work with an enthusiastic and expert team to contribute to keeping the methodology at the cutting edge
  • Collaborate with the other cyber security teams to add value to Cylance’s suite of service offerings

Ideally, you will have:

  • Experience performing Digital Forensics and Incident Response (DFIR) investigations on multiple operating systems: Windows, Mac and Linux
  • Tool agnostic with an emphasis on knowing the forensic artifacts themselves versus relying on tool output
  • Knowledge of and the ability to use popular EDR technologies during DFIR engagements
  • Experience analyzing a myriad of system and network logs using Splunk and/or ELK
  • Experience responding to APT style targeted attacks, with a good understanding of operational security concepts during live breaches
  • Knowledge of threat hunting and knowledge of the artifacts necessary to review while threat hunting
  • Ability to analyze PCAP data
  • Ability to triage and analyze malware dynamically within a virtual environment to quickly gain a set of IOCs during an IR engagement
  • Knowledge of System Administrator roles and responsibilities with an understanding of Windows Domain environments
  • Experience performing memory analysis as part of an incident response engagement
  • Ability to be client facing by interacting with our clients and their executive leadership
  • Creative, problem-solving self-starter with an analytic and qualitative eye for reasoning
  • Ability to work with a remote team via collaboration tools
  • Strong documentation skills, ability to write executive and technical DFIR reports

Useful but not essential:

  • DFIR experience, including incident management
  • Proficient in either Python or PowerShell
  • Experience with analysis of VBS and other WSH languages as well as web languages such as PHP and JS
  • Incident response certifications such as those offered by SANS/CREST/GIAC
  • Experience creating dashboards, writing Logstash filters, and Lucene queries
  • Knowledge of performing DFIR investigations in Cloud environments (Azure, O365, AWS, and Google)
  • Any languages in addition to English

Interested to learn more? We would love to hear from you!
