Empiric


  • Incident Report Specialist - Digital Forensics - London
    London Permanent

    £55,000 per annum

    My client is looking for an Incident Report Specialist to join their team on a permanent basis in London. This position is well suited for an individual with 3 to 5 years of experience in cyber-security and incident response. You should be able to guide a client through a structured incident response process - triage, containment, eradication and recovery. If you are provided with forensic data such as a disk image, a memory image, and network data capture or proxy logs, you should be able to identify malware artefacts and the source of infection, and use online research to identify the malware family.

    This is a hands-on role with opportunities to grow into management. The successful candidate is expected to manage cyber-security incidents as well as perform digital forensics (disk, volatile memory, network packets, log files) and help advance the client's proprietary in-house toolkit.

    In this role we are looking for a person who can demonstrate a strong technical background and experience in incident response and digital forensics, and who is looking to grow their skills and experience. You will be expected to lead one or two analysts to achieve a task in a project, as well as have the opportunity to work with, and learn from, our most experienced team members as part of your continuous development. When not responding to incidents, you will help our clients to build their in-house incident response capabilities, which will include: building and developing cyber-response tools, authoring and adapting runbooks/playbooks, assessing incident response maturity, and assisting in table-top cyber-scenario exercises.


    * Help manage and co-ordinate cyber security incidents for our clients, working closely with the incident management lead within the team.

    * Digital forensics of relevant incident data (disk, volatile memory, network packets, log files).

    * Maintaining a current view of the cyber threat, and being able to advise clients on the threat landscape and attacks which may be relevant to them.

    * Develop clients' in-house cyber-response tools.

    * Help assess client incident response capability maturity.

    * Help stand-up or improve clients' own incident response capabilities.

    * Help with project management of engagements to deliver high quality work in a timely manner, including:

        * Scoping

        * Basic financial management

        * Engagement and risk management

        * Production and review of deliverables.

    * Liaising with clients on delivery, implementation and sales issues.

    Qualifications and Skills

    The successful candidate will demonstrate competency in computing and networks as well as in cybersecurity, either by having the relevant work experience, having completed a degree, or having obtained an industry-relevant certification. The qualifications below should therefore be seen as a means to demonstrate competency and not as a requirement. The desired skills and qualifications are listed below:

    * Excellent communication skills (both written and oral) and project management skills.

    * Strong IT and network skills - knowledge of common enterprise technologies - Windows and Windows Active Directory, Linux, Cisco, etc.

    * Working programming skill-set to be able to author and develop tools. Most of the client's in-house security tools are written in Python, but we accept that a competent programmer will be able to transfer skillsets across languages.

    * Technical proficiency in at least one of these areas: network security/traffic/log analysis; Linux and/or Mac/Unix operating system forensics; Linux/Unix disk forensics (ext2/3/4, HFS+, and/or APFS file systems), advanced memory forensics, static and dynamic malware analysis / reverse engineering, advanced mobile device forensics

    * Advanced experience in industry computer forensic tools such as X-Ways, EnCase, FTK, Internet Evidence Finder (IEF) AXIOM, TZWorks, and/or Cellebrite

    * Advanced experience in preservation of digital evidence (including experience preserving cloud data and handling encryption such as BitLocker, FileVault, and/or LUKS)

    * Experience with and understanding of enterprise Windows security controls

    * (Preferred) Degree level qualified, MSc in Information Security, IT or relevant STEM subjects.

    * (Preferred) General information security certificates such as CISSP, CISM or CISA.

    * (Preferred) Incident management certifications such as:

        * CREST certified incident manager (CCIM).

        * GIAC Certified Incident Handler (GCIH)

    * (Preferred) Digital forensics certificates such as:

        * CREST certified registered intrusion analyst (CRIA),

        * CREST certified network intrusion analyst (CCNIA),

        * CREST certified host intrusion analyst (CCHIA),

        * CREST certified malware reverse engineer (CCMRE),

        * GIAC Certified (Network) Forensic Analyst (GCFA, GNFA)

    * (Preferred) A current government security clearance (SC/DV) or willingness to acquire such a clearance will be seen as an advantage.

    This is a critical position and interviews are taking place this week, so be sure to be an early applicant!

    Contact Tommy for a confidential chat.

    Empiric is one of the fastest-growing technology and transformation recruitment agencies specialising in data, digital, cloud and security. We supply technology and change recruitment services to businesses looking for both contract and permanent professionals. We are committed to delivering more female candidates and those from minority backgrounds, and to being instrumental in changing the gender and diversity imbalance within the tech sector.

    Empiric Solutions is acting as an Employment Agency in relation to this vacancy.
