Associate Consultant, Cyber Response (Technical incident response) m/w/d

We now require an Associate Consultant to join our Cyber Response team in Berlin. As the Associate Consultant you will be responsible for delivering Control Risks’ cyber response projects to our wide variety of clients. This involves undertaking compromise assessments, business email compromise investigations and assisting with the technical response on complex cases. This role will report to the Associate Director of Cyber Response (Technical) and work closely with the Cyber Crisis Management team. The successful candidate will have an investigative background, a technical skill set and a deep understanding of current and emerging threat actors. This position offers a great opportunity for an existing SOC Analyst or person with similar escalation experience to move into a varied and fast-moving digital forensics incident response (DFIR) role. Please note fluent German as well as English is essential for this position.

Technical response

• Assisting with host and network-based investigations. Collaborating with the Digital Forensics Incident Response (DFIR) team to deliver the work you are engaged on.
• Threat hunting using EDR (Endpoint Detection and Response) Tooling to evaluate an attacker’s spread through a system and network, anticipating and thwarting further attacker activity.
• Perform live compromise assessments for organisations who suspect a compromise.
• Detect and hunt unknown live, dormant, and custom malware in memory across multiple systems in an enterprise environment.
• Demonstrate an understanding of both existing and emerging threat actors, as well as experience identifying rapidly changing tools, tactics and procedures of attackers.
• Work with the Cyber Threat Intelligence team to identify where they could benefit from the technical information acquired during Cyber Response cases.
• Advise on the safe technical recovery of an organisations IT systems balancing the need to understand what has happened but speed up recovery.

Reporting

• Provide situation reports and other significant case related material to the client and the Director of Cyber Response.
• Provide documentation to the relevant consultants in sufficient time to allow review and feedback, before submitting to a client.

Supporting the growth of the Cyber Response practice

• Discuss and input into Control Risks’ cyber response methodologies and approaches and tailoring the approach in changing market conditions.
• This role has a requirement to be on call so a flexibility to work weekends and evenings as required is essential.
• Identifying potential new areas of growth and opportunity.

Essential

• Proven experience escalation of incidents.
• Demonstrated knowledge of common networks, software and hardware used in business environments. A technical degree or relevant qualifications would be very advantageous.
• Experience in conducting log analysis.
• Proven experience in responding to cyber-attacks.
• Demonstrable experience of operating within a Security Operations Centre.
• Good experience with an EDR tool e.g. SentinelOne, CrowdStrike, Microsoft Defender or similar tool is required.
• Knowledge and experience of SIEM is essential.
• Fluent in English (written and spoken).
• Fluent in German (written and spoken).
• Excellent presentation skills.
• Excellent analytical skills.

Preferred Qualifications and specialist skills

• Strong understanding of MITRE ATT&CK techniques / sub-techniques. The ability to articulate TTPs to clients in non-technical terms.
• Experience in generating SIGMA rules for host detection, SNORT rules for network detection and YARA Signatures for file and memory artefact identification.
• Consulting experience would be a plus.

Control Risks offers a competitively positioned compensation and benefits package that is transparent and summarized in the full job offer. Control Risks supports hybrid working arrangements, wherever possible, that emphasize the value of in-person time together – in the office and with our clients – while continuing to support flexible and remote working.

#J-18808-Ljbffr