Junior Penetration Tester Position Description CGI Cyber Security Team in the UK is one of the largest Cyber consultancies in the UK with around 1700 members. The UK Cyber team works across a variety of domains including: Government, Defence, Critical Infrastructure, Healthcare, Utilities, Banking and Financial Services and many more. At CGI you will get the opportunity to work across a number of domains and work in all areas of Cyber Security allowing you to grow and develop your career. CGI was recognised in the Sunday Times Best Places to Work List 2025 and has been named one of the 'World's Best Employers' by Forbes magazine. We offer a competitive salary, excellent pension, private healthcare, plus a share scheme (3.5% + 3.5% matching) which makes you a CGI Partner not just an employee. We are committed to inclusivity, building a genuinely diverse community of tech talent and inspiring everyone to pursue careers in our sector, including our Armed Forces, and are proud to hold a Gold Award in recognition of our support of the Armed Forces Corporate Covenant. Join us and you'll be part of an open, friendly community of experts. We'll train and support you in taking your career wherever you want it to go. This is a good opportunity for a junior penetration tester to work alongside and learn from experienced penetration testers (CHECK Team Members and CHECK Team Leaders) at CGI, joining the Cyber Security business unit, one of the largest groups of cyber security specialists in the UK. CGI has a long-established reputation in this area, undertaking rigorous testing for a variety of commercial and public sector clients for over 30 years. Due to the secure nature of the programme, you will need to hold UK Security Clearance or be eligible to go through this clearance. Your future duties and responsibilities • Deliver end to end penetration testing engagements across web applications and infrastructure domains, from initial client engagement and scoping through to reporting and client aftercare. • Participate in client interactions including scoping discussions, requirements gathering, and contribution to proposals and statements of work. • Conduct penetration tests using structured methodologies and industry recognised approaches. • Deliver engagements as part of a collaborative team rather than individually, leveraging shared expertise to enhance assessment quality and support continuous learning. • Produce high quality technical documents (including reports and technical proposals), covering detailed technical content and executive level summaries, in line with internal standards. • Engage with the internal QA process to support report quality and ongoing development. • Maintain strong communication throughout engagements, including client calls, progress updates, and formal debrief sessions. Required qualifications to be successful in this role Essential: • Hack the Box Certified Penetration Testing Specialist (CPTS) or OffSec Certified Professional (OSCP) • Commitment to working towards NCSC CHECK Team Member (CTM) status Desirable: • CREST Practitioner Security Analyst (CPSA) • CREST Registered Penetration Tester (CRT) • Cyber Scheme Team Member (CSTM) • Certified Red Team Operator (CRTO) • Practitioner Cyber Security Professional (PraCSP) • Previous penetration testing experience is advantageous but not mandatory. Structured training and mentoring will be provided. Together, as owners, let's turn meaningful insights into action. Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, you'll reach your full potential because You are invited to be an owner from day 1 as we work together to bring our Dream to life. That's why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company's strategy and direction. Your work creates value. You'll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise. You'll shape your career by joining a company built to grow and last. You'll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons. Come join our team-one of the largest IT and business consulting services firms in the world.
05/05/2026
Full time
Junior Penetration Tester Position Description CGI Cyber Security Team in the UK is one of the largest Cyber consultancies in the UK with around 1700 members. The UK Cyber team works across a variety of domains including: Government, Defence, Critical Infrastructure, Healthcare, Utilities, Banking and Financial Services and many more. At CGI you will get the opportunity to work across a number of domains and work in all areas of Cyber Security allowing you to grow and develop your career. CGI was recognised in the Sunday Times Best Places to Work List 2025 and has been named one of the 'World's Best Employers' by Forbes magazine. We offer a competitive salary, excellent pension, private healthcare, plus a share scheme (3.5% + 3.5% matching) which makes you a CGI Partner not just an employee. We are committed to inclusivity, building a genuinely diverse community of tech talent and inspiring everyone to pursue careers in our sector, including our Armed Forces, and are proud to hold a Gold Award in recognition of our support of the Armed Forces Corporate Covenant. Join us and you'll be part of an open, friendly community of experts. We'll train and support you in taking your career wherever you want it to go. This is a good opportunity for a junior penetration tester to work alongside and learn from experienced penetration testers (CHECK Team Members and CHECK Team Leaders) at CGI, joining the Cyber Security business unit, one of the largest groups of cyber security specialists in the UK. CGI has a long-established reputation in this area, undertaking rigorous testing for a variety of commercial and public sector clients for over 30 years. Due to the secure nature of the programme, you will need to hold UK Security Clearance or be eligible to go through this clearance. Your future duties and responsibilities • Deliver end to end penetration testing engagements across web applications and infrastructure domains, from initial client engagement and scoping through to reporting and client aftercare. • Participate in client interactions including scoping discussions, requirements gathering, and contribution to proposals and statements of work. • Conduct penetration tests using structured methodologies and industry recognised approaches. • Deliver engagements as part of a collaborative team rather than individually, leveraging shared expertise to enhance assessment quality and support continuous learning. • Produce high quality technical documents (including reports and technical proposals), covering detailed technical content and executive level summaries, in line with internal standards. • Engage with the internal QA process to support report quality and ongoing development. • Maintain strong communication throughout engagements, including client calls, progress updates, and formal debrief sessions. Required qualifications to be successful in this role Essential: • Hack the Box Certified Penetration Testing Specialist (CPTS) or OffSec Certified Professional (OSCP) • Commitment to working towards NCSC CHECK Team Member (CTM) status Desirable: • CREST Practitioner Security Analyst (CPSA) • CREST Registered Penetration Tester (CRT) • Cyber Scheme Team Member (CSTM) • Certified Red Team Operator (CRTO) • Practitioner Cyber Security Professional (PraCSP) • Previous penetration testing experience is advantageous but not mandatory. Structured training and mentoring will be provided. Together, as owners, let's turn meaningful insights into action. Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, you'll reach your full potential because You are invited to be an owner from day 1 as we work together to bring our Dream to life. That's why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company's strategy and direction. Your work creates value. You'll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise. You'll shape your career by joining a company built to grow and last. You'll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons. Come join our team-one of the largest IT and business consulting services firms in the world.
Incident Response Lead Position Description If you're ahead of the game on systems risk and cyber security, we can secure your career ambitions. At CGI, our Security Experts are trusted to work closely with a wide range of clients on exciting projects with real-world purpose and impact. CGI was recognised in the Sunday Times Best Places to Work List 2025 and has been named a UK 'Best Employer' by the Financial Times. We offer a competitive salary, excellent pension, private healthcare, plus a share scheme (3.5% + 3.5% matching) which makes you a CGI Partner not just an employee. We are committed to inclusivity, building a genuinely diverse community of tech talent and inspiring everyone to pursue careers in our sector, including our Armed Forces, and are proud to hold a Gold Award in recognition of our support of the Armed Forces Corporate Covenant. Join us and you'll be part of an open, friendly community of experts. We'll train and support you in taking your career wherever you want it to go. This is a hybrid position. Your future duties and responsibilities As the Incident Response Lead you will be part of the CGI Global Security Operations Center (GSOC) team which provides security monitoring, detection and response services in CGI. You can lead and conduct highly technical incident response engagements, setting the incident response plan, and working with and leading colleagues where required in the correct application of incident response processes within CGI. In addition you will be a highly effective communicator and can communicate at all levels within the business. This role requires a thorough understanding of cyber security and in-depth knowledge and experience around cyber incident response, threat actor techniques, tactics and procedures (TTPs), computer networking fundamentals, modern threats and vulnerabilities, and forensics methodologies and tools. • Provide technical leadership and conduct incident response engagements to ensure timely response, investigation and remediation execution across cloud, on premise and remote devices • Help to develop incident response within the Global SOC, paying particular attention to best practices and advances in technology or cyber security • Perform Advanced Digital Forensics Analysis, Host based or Network analysis as required during an investigation • Act as the senior subject matter expert where required during security incidents • Provide ideas and feedback to improve the overall SOC capabilities or maturity (focus on people and processes) • Work closely with other teams to provide mitigation recommendations and lessons learned to reduce the overall security risk within the organisation • Preform basic reverse engineering on malware using dynamic and static analysis • Be part of an on-call roster providing 24/7 incident response functions • Act as a mentor to junior analysts in GSOC Required qualifications to be successful in this role You should have expertise and demonstrate experience in working in a similar cybersecurity role or associated discipline. • Previous experience leading incident response engagements • Strong understanding of Incident Response methodologies and tools • Strong understanding of networking fundamentals • Strong understanding of Windows/Linux/Unix operating systems • Strong understanding of operating system and software vulnerabilities and exploitation techniques • SIEM Experience (e.g. Arcsight, Splunk, Logpoint, ELK) • EDR Experience (e.g. CrowdStrike Falcon, SentinelOne, Microsoft Defender, Cortex) • Network analysis experience with NDR technologies • Malware Analysis (Static Analysis or Dynamic Analysis of captured file, Reverse Engineering) • Experience of utilizing threat intelligence sources • User investigations, Behavioural Analysis technology and or processes • Experience with Insider Threat Investigations Together, as owners, let's turn meaningful insights into action. Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, you'll reach your full potential because You are invited to be an owner from day 1 as we work together to bring our Dream to life. That's why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company's strategy and direction. Your work creates value. You'll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise. You'll shape your career by joining a company built to grow and last. You'll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons. Come join our team-one of the largest IT and business consulting services firms in the world.
05/05/2026
Full time
Incident Response Lead Position Description If you're ahead of the game on systems risk and cyber security, we can secure your career ambitions. At CGI, our Security Experts are trusted to work closely with a wide range of clients on exciting projects with real-world purpose and impact. CGI was recognised in the Sunday Times Best Places to Work List 2025 and has been named a UK 'Best Employer' by the Financial Times. We offer a competitive salary, excellent pension, private healthcare, plus a share scheme (3.5% + 3.5% matching) which makes you a CGI Partner not just an employee. We are committed to inclusivity, building a genuinely diverse community of tech talent and inspiring everyone to pursue careers in our sector, including our Armed Forces, and are proud to hold a Gold Award in recognition of our support of the Armed Forces Corporate Covenant. Join us and you'll be part of an open, friendly community of experts. We'll train and support you in taking your career wherever you want it to go. This is a hybrid position. Your future duties and responsibilities As the Incident Response Lead you will be part of the CGI Global Security Operations Center (GSOC) team which provides security monitoring, detection and response services in CGI. You can lead and conduct highly technical incident response engagements, setting the incident response plan, and working with and leading colleagues where required in the correct application of incident response processes within CGI. In addition you will be a highly effective communicator and can communicate at all levels within the business. This role requires a thorough understanding of cyber security and in-depth knowledge and experience around cyber incident response, threat actor techniques, tactics and procedures (TTPs), computer networking fundamentals, modern threats and vulnerabilities, and forensics methodologies and tools. • Provide technical leadership and conduct incident response engagements to ensure timely response, investigation and remediation execution across cloud, on premise and remote devices • Help to develop incident response within the Global SOC, paying particular attention to best practices and advances in technology or cyber security • Perform Advanced Digital Forensics Analysis, Host based or Network analysis as required during an investigation • Act as the senior subject matter expert where required during security incidents • Provide ideas and feedback to improve the overall SOC capabilities or maturity (focus on people and processes) • Work closely with other teams to provide mitigation recommendations and lessons learned to reduce the overall security risk within the organisation • Preform basic reverse engineering on malware using dynamic and static analysis • Be part of an on-call roster providing 24/7 incident response functions • Act as a mentor to junior analysts in GSOC Required qualifications to be successful in this role You should have expertise and demonstrate experience in working in a similar cybersecurity role or associated discipline. • Previous experience leading incident response engagements • Strong understanding of Incident Response methodologies and tools • Strong understanding of networking fundamentals • Strong understanding of Windows/Linux/Unix operating systems • Strong understanding of operating system and software vulnerabilities and exploitation techniques • SIEM Experience (e.g. Arcsight, Splunk, Logpoint, ELK) • EDR Experience (e.g. CrowdStrike Falcon, SentinelOne, Microsoft Defender, Cortex) • Network analysis experience with NDR technologies • Malware Analysis (Static Analysis or Dynamic Analysis of captured file, Reverse Engineering) • Experience of utilizing threat intelligence sources • User investigations, Behavioural Analysis technology and or processes • Experience with Insider Threat Investigations Together, as owners, let's turn meaningful insights into action. Life at CGI is rooted in ownership, teamwork, respect and belonging. Here, you'll reach your full potential because You are invited to be an owner from day 1 as we work together to bring our Dream to life. That's why we call ourselves CGI Partners rather than employees. We benefit from our collective success and actively shape our company's strategy and direction. Your work creates value. You'll develop innovative solutions and build relationships with teammates and clients while accessing global capabilities to scale your ideas, embrace new opportunities, and benefit from expansive industry and technology expertise. You'll shape your career by joining a company built to grow and last. You'll be supported by leaders who care about your health and well-being and provide you with opportunities to deepen your skills and broaden your horizons. Come join our team-one of the largest IT and business consulting services firms in the world.
REQUISITOS The Role: We are seeking a highly skilled Senior Azure Cloud DevOps Engineer with deep experience (3-5 years) in automation, Azure native services, and modern DevOps practices. You will build and manage cloud native solutions and automated deployment pipelines using Azure DevOps, GitHub Actions, and YAML to enhance delivery speed, system reliability, and operational efficiency. You will design secure, scalable architectures across the Azure platform, while contributing to a high performance engineering culture within an Agile/Scrum environment. This position requires strong hands on expertise in automation scripting and the ability to proactively improve system monitoring and observability. Key Responsibilities: Build - Mastery - Innovate - Optimize Architect and Implement: Build robust Azure cloud solutions, leveraging services such as Azure App Services, Azure Functions, Azure Kubernetes Service (AKS), API management, SQL Database and various Azure native components. DevOps Mastery: Define, optimize, and maintain Azure DevOps and GitHub Actions CI/CD pipelines, using Infrastructure as Code with Terraform, Bicep, and PowerShell scripting to streamline deployments, configuration updates, maintenance, and provisioning tasks. Innovate: Conduct proof of concepts for emerging Azure technologies and Gen AI applications. Platform integration: Integrate and manage key platform services, including Storage, Networking, Identity, and Monitoring, ensuring seamless end to end operations. Well Architected: Implement secure, scalable designs following best practices for availability, performance optimization, and cloud security. Collaboration: Work within Agile/Scrum teams, partnering with developers, cloud engineers, and stakeholders to deliver high quality, cloud ready solutions. Analytical skills: Diagnose and resolve complex issues in cloud and DevOps environments, applying strong problem solving and analytical skills. Optimize: Ensure solutions are cost effective, high performing, and reliably secure. Take on a prominent role in the architecture and design of web solutions. Work with the wider development team to scope out and develop new web applications for existing services. Develop a flexible and well structured back end architecture. Participate in code reviews, testing, and quality assurance processes to ensure high quality code Help identify, escalat, resolve any technical issues and problems that might occur. Participate in code reviews, testing, and quality assurance to meet project goals and timelines. Provide technical guidance to junior developers and communicate effectively with clients and stakeholders. Set up and manage the computational infrastructure required to build, test and release applications. Develop and maintain tools to assist other developers in delivering their changes to production environments quickly and reliably. Establish and enforce development and coding best practices within the teams. Automate existing manual tasks to reduce delivery time and free up time for core development. Share knowledge and collaborate effectively with the rest of the Compute team based in other locations. Levallois-Perret . France Manager At Devoteam, we help organisations unlock the full potential of the cloud. As a Microsoft Cloud Consultant, you guide customers through their cloud journey and help them build secure, scalable and futureproof platforms. You guide them through the complexities of Microsoft Azure and ensure their platform is engineered for long term success. You'll join a team that thrives on innovation, collaboration and continuous learning-because shaping the future of cloud means staying ahead of it. Your role As a Cloud Consultant, you support customers in designing, managing and improving their cloud environments. You translate business needs into smart technical solutions and ensure the underlying platform is reliable, secure and ready for growth. You will: Support customers with the management, integration and maintenance of their cloud platform, ensuring stability, security and operational excellence. Work on core infrastructure and technology services within the landing zone, helping customers build a strong and compliant cloud foundation. Collaborate closely with DevOps teams, who focus on development practices and platform usage, while you ensure the platform itself is robust and well architected. Collaborate with the Data & AI teams to ensure transformation projects provide the necessary foundations for advanced AI Foundry and Fabric implementations. Conduct feasibility studies for new cloud services or platform improvements, always keeping an eye on innovation and long term value. Think proactively about security, maintainability, flexibility and efficiency in every solution you design. We are seeking our next talents to work on data-related projects (at Strategy, Business, and Operations levels). The ideal candidate will have a deep understanding of data analysis, management, and visualization, coupled with strong problem solving and communication skills. The Data Consultant will collaborate with clients and internal teams to assess data needs, develop strategies for effective data utilization, and implement solutions that drive business insights. Responsibilities: Analyze complex datasets to identify trends, patterns, and insights. Interpret data to provide actionable recommendations for business improvement. Work closely with clients to understand their business goals and data requirements. Collaborate on the development of data strategies aligned with client objectives. Design and implement data management processes to ensure data accuracy, completeness, and security. Develop and maintain data documentation and metadata. Create visually appealing and insightful reports and dashboards. Communicate data findings effectively to both technical and non-technical stakeholders. Identify and resolve data related issues and challenges. Propose innovative solutions to improve data processes and systems. Stay updated on industry trends and advancements in data technologies. Provide guidance on the selection and implementation of data tools and technologies. Levallois-Perret . France & Devops Engineer Vos Missions : Lisboa . Portugal Assurance Analyst Ability to elicit and document technical requirements; Preparation of use cases for validation of the solution under implementation; Manage and validate the requirements; Identify gaps and opportunities for process improvements; Analyze functional and technical specifications to ensure that the construction and definition of test cases is in agreement; Execution of different types of software tests in order to validate that the developed solutions respond to the requirements defined in the technical and functional specifications, ensuring compliance with the defined testing framework; Updating documentation and deliverables related to testing (test plans, test scripts and evidence reports). Machelen . Belgium & Compliance Engineer What are we looking for? As a Security GRC consultant, you are able to engage with our clients in all industry sectors to scope out their cyber requirements and to deliver on their Governance, Risk and Compliance projects based on your expert advice. You are able to help clients understand their risk exposure in their environment and design solutions to remediate their risks. What will your day look like? You will adopt and integrate Compliance & Risk Frameworks for specific projects at our clients. This can include data entry into ServiceNow GRC tool, creating status reports and maintain statistics. You will also support our clients in the development of their security program regarding compliance and data privacy, which includes performing or documenting Framework Assessments; advising on or creating appropriate Policies; and revising, creating, or assisting in the creation of Risk Management, Incident Response, and Business Recovery programs. Who will you work with? You will be part of the Cyber Trust team with more than 50 people in Belgium, exchanging insights and knowledge, "ensuring a secure IT environment protecting the business goals". You will work with our customer's business and technical employees to capture, discuss and verify cyber risks. You work on flexible daily basis, on site at client's office, at Devoteam in Zaventem or at home. You will report to your practice manager, who will be your point of contact for development and career guidance.
05/05/2026
Full time
REQUISITOS The Role: We are seeking a highly skilled Senior Azure Cloud DevOps Engineer with deep experience (3-5 years) in automation, Azure native services, and modern DevOps practices. You will build and manage cloud native solutions and automated deployment pipelines using Azure DevOps, GitHub Actions, and YAML to enhance delivery speed, system reliability, and operational efficiency. You will design secure, scalable architectures across the Azure platform, while contributing to a high performance engineering culture within an Agile/Scrum environment. This position requires strong hands on expertise in automation scripting and the ability to proactively improve system monitoring and observability. Key Responsibilities: Build - Mastery - Innovate - Optimize Architect and Implement: Build robust Azure cloud solutions, leveraging services such as Azure App Services, Azure Functions, Azure Kubernetes Service (AKS), API management, SQL Database and various Azure native components. DevOps Mastery: Define, optimize, and maintain Azure DevOps and GitHub Actions CI/CD pipelines, using Infrastructure as Code with Terraform, Bicep, and PowerShell scripting to streamline deployments, configuration updates, maintenance, and provisioning tasks. Innovate: Conduct proof of concepts for emerging Azure technologies and Gen AI applications. Platform integration: Integrate and manage key platform services, including Storage, Networking, Identity, and Monitoring, ensuring seamless end to end operations. Well Architected: Implement secure, scalable designs following best practices for availability, performance optimization, and cloud security. Collaboration: Work within Agile/Scrum teams, partnering with developers, cloud engineers, and stakeholders to deliver high quality, cloud ready solutions. Analytical skills: Diagnose and resolve complex issues in cloud and DevOps environments, applying strong problem solving and analytical skills. Optimize: Ensure solutions are cost effective, high performing, and reliably secure. Take on a prominent role in the architecture and design of web solutions. Work with the wider development team to scope out and develop new web applications for existing services. Develop a flexible and well structured back end architecture. Participate in code reviews, testing, and quality assurance processes to ensure high quality code Help identify, escalat, resolve any technical issues and problems that might occur. Participate in code reviews, testing, and quality assurance to meet project goals and timelines. Provide technical guidance to junior developers and communicate effectively with clients and stakeholders. Set up and manage the computational infrastructure required to build, test and release applications. Develop and maintain tools to assist other developers in delivering their changes to production environments quickly and reliably. Establish and enforce development and coding best practices within the teams. Automate existing manual tasks to reduce delivery time and free up time for core development. Share knowledge and collaborate effectively with the rest of the Compute team based in other locations. Levallois-Perret . France Manager At Devoteam, we help organisations unlock the full potential of the cloud. As a Microsoft Cloud Consultant, you guide customers through their cloud journey and help them build secure, scalable and futureproof platforms. You guide them through the complexities of Microsoft Azure and ensure their platform is engineered for long term success. You'll join a team that thrives on innovation, collaboration and continuous learning-because shaping the future of cloud means staying ahead of it. Your role As a Cloud Consultant, you support customers in designing, managing and improving their cloud environments. You translate business needs into smart technical solutions and ensure the underlying platform is reliable, secure and ready for growth. You will: Support customers with the management, integration and maintenance of their cloud platform, ensuring stability, security and operational excellence. Work on core infrastructure and technology services within the landing zone, helping customers build a strong and compliant cloud foundation. Collaborate closely with DevOps teams, who focus on development practices and platform usage, while you ensure the platform itself is robust and well architected. Collaborate with the Data & AI teams to ensure transformation projects provide the necessary foundations for advanced AI Foundry and Fabric implementations. Conduct feasibility studies for new cloud services or platform improvements, always keeping an eye on innovation and long term value. Think proactively about security, maintainability, flexibility and efficiency in every solution you design. We are seeking our next talents to work on data-related projects (at Strategy, Business, and Operations levels). The ideal candidate will have a deep understanding of data analysis, management, and visualization, coupled with strong problem solving and communication skills. The Data Consultant will collaborate with clients and internal teams to assess data needs, develop strategies for effective data utilization, and implement solutions that drive business insights. Responsibilities: Analyze complex datasets to identify trends, patterns, and insights. Interpret data to provide actionable recommendations for business improvement. Work closely with clients to understand their business goals and data requirements. Collaborate on the development of data strategies aligned with client objectives. Design and implement data management processes to ensure data accuracy, completeness, and security. Develop and maintain data documentation and metadata. Create visually appealing and insightful reports and dashboards. Communicate data findings effectively to both technical and non-technical stakeholders. Identify and resolve data related issues and challenges. Propose innovative solutions to improve data processes and systems. Stay updated on industry trends and advancements in data technologies. Provide guidance on the selection and implementation of data tools and technologies. Levallois-Perret . France & Devops Engineer Vos Missions : Lisboa . Portugal Assurance Analyst Ability to elicit and document technical requirements; Preparation of use cases for validation of the solution under implementation; Manage and validate the requirements; Identify gaps and opportunities for process improvements; Analyze functional and technical specifications to ensure that the construction and definition of test cases is in agreement; Execution of different types of software tests in order to validate that the developed solutions respond to the requirements defined in the technical and functional specifications, ensuring compliance with the defined testing framework; Updating documentation and deliverables related to testing (test plans, test scripts and evidence reports). Machelen . Belgium & Compliance Engineer What are we looking for? As a Security GRC consultant, you are able to engage with our clients in all industry sectors to scope out their cyber requirements and to deliver on their Governance, Risk and Compliance projects based on your expert advice. You are able to help clients understand their risk exposure in their environment and design solutions to remediate their risks. What will your day look like? You will adopt and integrate Compliance & Risk Frameworks for specific projects at our clients. This can include data entry into ServiceNow GRC tool, creating status reports and maintain statistics. You will also support our clients in the development of their security program regarding compliance and data privacy, which includes performing or documenting Framework Assessments; advising on or creating appropriate Policies; and revising, creating, or assisting in the creation of Risk Management, Incident Response, and Business Recovery programs. Who will you work with? You will be part of the Cyber Trust team with more than 50 people in Belgium, exchanging insights and knowledge, "ensuring a secure IT environment protecting the business goals". You will work with our customer's business and technical employees to capture, discuss and verify cyber risks. You work on flexible daily basis, on site at client's office, at Devoteam in Zaventem or at home. You will report to your practice manager, who will be your point of contact for development and career guidance.
A forward-thinking cybersecurity firm in the United Kingdom is looking for an L1 SOC Analyst to monitor and triage security alerts. The role involves using Fortinet and Microsoft SIEM/EDR tools to detect threats and respond rapidly to incidents. Candidates should have a passion for cybersecurity and relevant certifications, such as CompTIA Security+. This position offers comprehensive training, development opportunities, and a starting salary of £25,000 plus a 15% shift bonus.
05/05/2026
Full time
A forward-thinking cybersecurity firm in the United Kingdom is looking for an L1 SOC Analyst to monitor and triage security alerts. The role involves using Fortinet and Microsoft SIEM/EDR tools to detect threats and respond rapidly to incidents. Candidates should have a passion for cybersecurity and relevant certifications, such as CompTIA Security+. This position offers comprehensive training, development opportunities, and a starting salary of £25,000 plus a 15% shift bonus.
Consortium for Clinical Research and Innovation Singapore
Key Responsibilities Vulnerability Assessment and Scanning: Conduct regular vulnerability scans using industry-standard tools to identify weaknesses in networks, applications, and systems. Analyze scan results, prioritize vulnerabilities based on risk levels, and recommend remediation strategies to minimize exposure. Risk Mitigation and Remediation: Assess identified vulnerabilities for potential impact, develop and implement mitigation plans, and track remediation progress. Collaborate with IT and development teams to apply patches, updates, and configuration changes. SOC Operations Support: Monitor security alerts and events within the SOC, contributing to real-time threat detection and response. Participate in incident triage, investigation, and resolution to ensure minimal downtime and data integrity. Cybersecurity Configuration Management: Design, implement, and maintain secure configurations for hardware, software, and cloud environments. Ensure compliance with standards such as ISO 27001, NIST, or Singapore's Cybersecurity Act. Troubleshooting and Problem Resolution: Diagnose and resolve complex security issues, including misconfigurations, unauthorized access attempts, and system anomalies. Use debugging tools and methodologies to root cause problems and prevent recurrence. Threat Intelligence and Reporting: Stay updated on emerging cybersecurity threats, particularly those relevant to Singapore and the region (e.g., via PDPC guidelines or international feeds). Prepare detailed reports on vulnerability assessments, scan findings, and security metrics for stakeholders. Team Collaboration and Training: Work closely with SOC analysts, engineers, and other departments to enhance overall security posture. Provide guidance and training to junior staff on vulnerability management and cybersecurity concepts. Continuous Improvement: Evaluate and recommend new tools, processes, and technologies to improve vulnerability scanning efficiency and SOC effectiveness. Participate in tabletop exercises and simulations to refine response protocols. Qualifications and Skills Education: Polytechnic Diploma or a bachelor's degree in computer science, Information Technology, Cybersecurity, or a related field. Relevant certifications such as OSCP, GCIH or CEH are highly desirable. Experience: At least 1-3 years in cybersecurity roles, with hands on experience in vulnerability management and SOC/ System Integration environments. Technical Skills Proficiency in vulnerability scanning tools and techniques. Experience with Microsoft Products and understand/adapt to troubleshooting methodologies. Intermediate understanding of automation in Python, Bash, or PowerShell. Basic understanding of Linux and/or Windows operating system administration, including the command line. Fundamental knowledge of networking concepts (e.g., TCP/IP, firewalls, routing). Understanding of security frameworks and standards (e.g., NIST CSF, CIS Controls, MITRE ATT&CK). Strong understanding of cybersecurity concepts, including threat modeling, encryption, access controls, and network security. Soft Skills Excellent analytical and problem solving abilities Strong communication skills for reporting and collaboration Ability to work under pressure during security incidents Ability to work effectively and participate in on call rotations as a part of a 24/7 Security Operations Centre as a team
05/05/2026
Full time
Key Responsibilities Vulnerability Assessment and Scanning: Conduct regular vulnerability scans using industry-standard tools to identify weaknesses in networks, applications, and systems. Analyze scan results, prioritize vulnerabilities based on risk levels, and recommend remediation strategies to minimize exposure. Risk Mitigation and Remediation: Assess identified vulnerabilities for potential impact, develop and implement mitigation plans, and track remediation progress. Collaborate with IT and development teams to apply patches, updates, and configuration changes. SOC Operations Support: Monitor security alerts and events within the SOC, contributing to real-time threat detection and response. Participate in incident triage, investigation, and resolution to ensure minimal downtime and data integrity. Cybersecurity Configuration Management: Design, implement, and maintain secure configurations for hardware, software, and cloud environments. Ensure compliance with standards such as ISO 27001, NIST, or Singapore's Cybersecurity Act. Troubleshooting and Problem Resolution: Diagnose and resolve complex security issues, including misconfigurations, unauthorized access attempts, and system anomalies. Use debugging tools and methodologies to root cause problems and prevent recurrence. Threat Intelligence and Reporting: Stay updated on emerging cybersecurity threats, particularly those relevant to Singapore and the region (e.g., via PDPC guidelines or international feeds). Prepare detailed reports on vulnerability assessments, scan findings, and security metrics for stakeholders. Team Collaboration and Training: Work closely with SOC analysts, engineers, and other departments to enhance overall security posture. Provide guidance and training to junior staff on vulnerability management and cybersecurity concepts. Continuous Improvement: Evaluate and recommend new tools, processes, and technologies to improve vulnerability scanning efficiency and SOC effectiveness. Participate in tabletop exercises and simulations to refine response protocols. Qualifications and Skills Education: Polytechnic Diploma or a bachelor's degree in computer science, Information Technology, Cybersecurity, or a related field. Relevant certifications such as OSCP, GCIH or CEH are highly desirable. Experience: At least 1-3 years in cybersecurity roles, with hands on experience in vulnerability management and SOC/ System Integration environments. Technical Skills Proficiency in vulnerability scanning tools and techniques. Experience with Microsoft Products and understand/adapt to troubleshooting methodologies. Intermediate understanding of automation in Python, Bash, or PowerShell. Basic understanding of Linux and/or Windows operating system administration, including the command line. Fundamental knowledge of networking concepts (e.g., TCP/IP, firewalls, routing). Understanding of security frameworks and standards (e.g., NIST CSF, CIS Controls, MITRE ATT&CK). Strong understanding of cybersecurity concepts, including threat modeling, encryption, access controls, and network security. Soft Skills Excellent analytical and problem solving abilities Strong communication skills for reporting and collaboration Ability to work under pressure during security incidents Ability to work effectively and participate in on call rotations as a part of a 24/7 Security Operations Centre as a team
Senior Cyber Security Splunk SME Full Time Permanent Fully onsite - Moorgate, London EC2Y £80-92K basic + benefits (5% pension, 25 days hols, life insurance, medical cover) Are you an experienced Splunk SME looking for a new challenge? Do you have a strong background in Splunk, IAM and SOAR with a high-level understanding of wider Splunk ecosystem, along with Incident Management, Python and Powershell skills? Here at ARM, we are recruiting for a full time permanent Splunk SME for a global IT services and consultancy client of ours. Our client: They're a leading business with a global reach that empowers local teams, and they undertake hugely exciting work that is genuinely changing the world. Their advanced portfolio of consulting, applications, business process, cloud, and infrastructure services will allow you to achieve great things by working with brilliant colleagues, and clients, on exciting projects. They're a rapidly growing, people-first technology organisation and part of a $1B global service provider delivering end-to-end IT Outsourcing (ITO) and Cyber Defence services to clients across the UK and beyond. Within their Security Practice, they provide a range of services including Managed Detection and Response (MDR), Vulnerability Management, Penetration Testing, Incident Response, and consultancy led Security Advisory services. You'll be joining a team that values learning, celebrates innovation, and supports your career journey every step of the way. The Opportunity: We are looking for a skilled Splunk Specialist to deliver end-to-end Splunk engagements, helping clients build and enhance their security monitoring capabilities. You will lead the full project lifecycle, from requirements gathering and stakeholder engagement through to data onboarding, alert development, and dashboard creation, ensuring solutions are aligned to both business and security objectives. You will bring strong hands-on experience with Splunk Enterprise Security and a proven track record in delivering cybersecurity projects. This includes designing and implementing detection use cases, tuning alerts, and developing dashboards that provide clear, actionable insights for security operations teams. Experience with SOAR and UEBA technologies is advantageous but not essential. This role suits someone who enjoys working in a client-facing environment, solving complex challenges, and contributing to the ongoing evolution of modern Security Operations Centres. What You'll Be Doing: Design, build, and continuously enhance detection capabilities within Splunk across Linux and Windows environments, including log onboarding, normalisation, and enrichment Develop and maintain high-quality detection content such as correlation searches and risk-based alerting within Splunk Enterprise Security Write and optimise complex queries to support threat detection, proactive threat hunting, and anomaly identification Map detection logic to adversary behaviours using the MITRE ATT&CK Framework, ensuring effective coverage of tactics, techniques, and procedures Work with the wider Splunk ecosystem, including tools like TrackMe, and contribute to automation and orchestration initiatives (including exposure to SOAR where applicable) Leverage scripting languages such as Python and PowerShell to automate detection logic, enrich data, and integrate with security workflows Provide mentorship and technical guidance to junior engineers, particularly on Splunk backend activities such as data ingestion, parsing, indexing, and troubleshooting Collaborate closely with SOC analysts, incident responders, and global engineering teams to improve detection and response capabilities Apply strong analytical and problem-solving skills to translate threat intelligence into actionable detection use cases and continuously improve security operations What We're Looking For: Essential: Experience working on multiple projects with broad scope, ambiguity, and a high degree of difficulty Demonstrable proficiency across a wide range of IT and cybersecurity technologies Strong knowledge of key cybersecurity domains, including Identity and Access Management and Incident Management High-level analytical ability to solve unusual and complex problems Ability to maintain up-to-date working knowledge of cybersecurity principles and best practices Experience in senior stakeholder management and providing clear, relevant management reporting, professional communication - written and verbal. Eligibility to work in the UK. Desirable: Experience in technology projects such as cyber infrastructure implementation or replacement initiatives Understanding of global program structures, launch plans, timing, and ownership Ability to coach and mentor team members through knowledge transfer and constructive feedback Disclaimer: This vacancy is being advertised by either Advanced Resource Managers Limited, Advanced Resource Managers IT Limited or Advanced Resource Managers Engineering Limited ("ARM"). ARM is a specialist talent acquisition and management consultancy. We provide technical contingency recruitment and a portfolio of more complex resource solutions. Our specialist recruitment divisions cover the entire technical arena, including some of the most economically and strategically important industries in the UK and the world today. We will never send your CV without your permission.
01/05/2026
Full time
Senior Cyber Security Splunk SME Full Time Permanent Fully onsite - Moorgate, London EC2Y £80-92K basic + benefits (5% pension, 25 days hols, life insurance, medical cover) Are you an experienced Splunk SME looking for a new challenge? Do you have a strong background in Splunk, IAM and SOAR with a high-level understanding of wider Splunk ecosystem, along with Incident Management, Python and Powershell skills? Here at ARM, we are recruiting for a full time permanent Splunk SME for a global IT services and consultancy client of ours. Our client: They're a leading business with a global reach that empowers local teams, and they undertake hugely exciting work that is genuinely changing the world. Their advanced portfolio of consulting, applications, business process, cloud, and infrastructure services will allow you to achieve great things by working with brilliant colleagues, and clients, on exciting projects. They're a rapidly growing, people-first technology organisation and part of a $1B global service provider delivering end-to-end IT Outsourcing (ITO) and Cyber Defence services to clients across the UK and beyond. Within their Security Practice, they provide a range of services including Managed Detection and Response (MDR), Vulnerability Management, Penetration Testing, Incident Response, and consultancy led Security Advisory services. You'll be joining a team that values learning, celebrates innovation, and supports your career journey every step of the way. The Opportunity: We are looking for a skilled Splunk Specialist to deliver end-to-end Splunk engagements, helping clients build and enhance their security monitoring capabilities. You will lead the full project lifecycle, from requirements gathering and stakeholder engagement through to data onboarding, alert development, and dashboard creation, ensuring solutions are aligned to both business and security objectives. You will bring strong hands-on experience with Splunk Enterprise Security and a proven track record in delivering cybersecurity projects. This includes designing and implementing detection use cases, tuning alerts, and developing dashboards that provide clear, actionable insights for security operations teams. Experience with SOAR and UEBA technologies is advantageous but not essential. This role suits someone who enjoys working in a client-facing environment, solving complex challenges, and contributing to the ongoing evolution of modern Security Operations Centres. What You'll Be Doing: Design, build, and continuously enhance detection capabilities within Splunk across Linux and Windows environments, including log onboarding, normalisation, and enrichment Develop and maintain high-quality detection content such as correlation searches and risk-based alerting within Splunk Enterprise Security Write and optimise complex queries to support threat detection, proactive threat hunting, and anomaly identification Map detection logic to adversary behaviours using the MITRE ATT&CK Framework, ensuring effective coverage of tactics, techniques, and procedures Work with the wider Splunk ecosystem, including tools like TrackMe, and contribute to automation and orchestration initiatives (including exposure to SOAR where applicable) Leverage scripting languages such as Python and PowerShell to automate detection logic, enrich data, and integrate with security workflows Provide mentorship and technical guidance to junior engineers, particularly on Splunk backend activities such as data ingestion, parsing, indexing, and troubleshooting Collaborate closely with SOC analysts, incident responders, and global engineering teams to improve detection and response capabilities Apply strong analytical and problem-solving skills to translate threat intelligence into actionable detection use cases and continuously improve security operations What We're Looking For: Essential: Experience working on multiple projects with broad scope, ambiguity, and a high degree of difficulty Demonstrable proficiency across a wide range of IT and cybersecurity technologies Strong knowledge of key cybersecurity domains, including Identity and Access Management and Incident Management High-level analytical ability to solve unusual and complex problems Ability to maintain up-to-date working knowledge of cybersecurity principles and best practices Experience in senior stakeholder management and providing clear, relevant management reporting, professional communication - written and verbal. Eligibility to work in the UK. Desirable: Experience in technology projects such as cyber infrastructure implementation or replacement initiatives Understanding of global program structures, launch plans, timing, and ownership Ability to coach and mentor team members through knowledge transfer and constructive feedback Disclaimer: This vacancy is being advertised by either Advanced Resource Managers Limited, Advanced Resource Managers IT Limited or Advanced Resource Managers Engineering Limited ("ARM"). ARM is a specialist talent acquisition and management consultancy. We provide technical contingency recruitment and a portfolio of more complex resource solutions. Our specialist recruitment divisions cover the entire technical arena, including some of the most economically and strategically important industries in the UK and the world today. We will never send your CV without your permission.
About the opportunity Gain a government funded certified qualification, and career support - no brainer! Are you ready to launch a career in cyber security? Netcom Training's fully-funded Cyber Security course (NCFE Certificate in Cyber Security Practices, Level 3) equips you with the practical skills employers in Greater Manchester are actively seeking. From threat intelligence and security testing to incident response and ethical compliance, you'll gain hands-on experience that prepares you for today's fast-growing cyber security and IT roles. Our learners have gone on to roles such as Cyber Security Analyst, Junior Penetration Tester, SOC Analyst, and IT Support, working with companies across tech, logistics, public services, and digital sectors. Course Details Start Date: 27/04 Duration: 14 weeks Format: Online, practical workshops Schedule: 6-9PM What you'll learn Cyber Principles: Understand core frameworks and security principles. Threat Intelligence: Develop expertise to identify risks and analyze threats. Vulnerability Testing: Conduct cyber security testing, identify vulnerabilities, and implement controls. Incident Response: Prepare for and respond to live cyber security incidents. Ethics & Law: Understand legislation and ethical conduct within the cyber security sector. Professional Skills: Build the behaviours required for the modern cyber security workplace. Career Pathway Potential Roles: Trainee Cyber Security Analyst, SOC Analyst, Junior Information Security Officer. Starting Salaries: Typically £22,000 - £35,000 (role dependent). Eligibility This is a government-funded opportunity. To apply, you must: Live in the West Midlands Be aged 19 or over. Earn below the gross annual wage cap of £34,194. Not currently be undertaking other government-funded training. Right to Work: You must have lived in the UK/EU for the last 3 years and have the right to work in the UK (Student/Graduate visas are not eligible). Cost This is a fully-funded course with no fees - complete the training, gain essential cyber security skills.
01/05/2026
Full time
About the opportunity Gain a government funded certified qualification, and career support - no brainer! Are you ready to launch a career in cyber security? Netcom Training's fully-funded Cyber Security course (NCFE Certificate in Cyber Security Practices, Level 3) equips you with the practical skills employers in Greater Manchester are actively seeking. From threat intelligence and security testing to incident response and ethical compliance, you'll gain hands-on experience that prepares you for today's fast-growing cyber security and IT roles. Our learners have gone on to roles such as Cyber Security Analyst, Junior Penetration Tester, SOC Analyst, and IT Support, working with companies across tech, logistics, public services, and digital sectors. Course Details Start Date: 27/04 Duration: 14 weeks Format: Online, practical workshops Schedule: 6-9PM What you'll learn Cyber Principles: Understand core frameworks and security principles. Threat Intelligence: Develop expertise to identify risks and analyze threats. Vulnerability Testing: Conduct cyber security testing, identify vulnerabilities, and implement controls. Incident Response: Prepare for and respond to live cyber security incidents. Ethics & Law: Understand legislation and ethical conduct within the cyber security sector. Professional Skills: Build the behaviours required for the modern cyber security workplace. Career Pathway Potential Roles: Trainee Cyber Security Analyst, SOC Analyst, Junior Information Security Officer. Starting Salaries: Typically £22,000 - £35,000 (role dependent). Eligibility This is a government-funded opportunity. To apply, you must: Live in the West Midlands Be aged 19 or over. Earn below the gross annual wage cap of £34,194. Not currently be undertaking other government-funded training. Right to Work: You must have lived in the UK/EU for the last 3 years and have the right to work in the UK (Student/Graduate visas are not eligible). Cost This is a fully-funded course with no fees - complete the training, gain essential cyber security skills.
About the opportunity Gain a government funded certified qualification, and career support - no brainer! Are you ready to launch a career in cyber security? Netcom Training's fully-funded Cyber Security course (NCFE Certificate in Cyber Security Practices, Level 3) equips you with the practical skills employers in Greater Manchester are actively seeking. From threat intelligence and security testing to incident response and ethical compliance, you'll gain hands-on experience that prepares you for today's fast-growing cyber security and IT roles. Our learners have gone on to roles such as Cyber Security Analyst, Junior Penetration Tester, SOC Analyst, and IT Support, working with companies across tech, logistics, public services, and digital sectors. Course Details Start Date: 27/04 Duration: 14 weeks Format: Online, practical workshops Schedule: 6-9PM What you'll learn Cyber Principles: Understand core frameworks and security principles. Threat Intelligence: Develop expertise to identify risks and analyze threats. Vulnerability Testing: Conduct cyber security testing, identify vulnerabilities, and implement controls. Incident Response: Prepare for and respond to live cyber security incidents. Ethics & Law: Understand legislation and ethical conduct within the cyber security sector. Professional Skills: Build the behaviours required for the modern cyber security workplace. Career Pathway Potential Roles: Trainee Cyber Security Analyst, SOC Analyst, Junior Information Security Officer. Starting Salaries: Typically £22,000 - £35,000 (role dependent). Eligibility This is a government-funded opportunity. To apply, you must: Live in Greater Manchester. Be aged 19 or over. Earn below the gross annual wage cap of £32,400. Not currently be undertaking other government-funded training. Right to Work: You must have lived in the UK/EU for the last 3 years and have the right to work in the UK (Student/Graduate visas are not eligible). Cost This is a fully-funded course with no fees - complete the training, gain essential cyber security skills.
01/05/2026
Full time
About the opportunity Gain a government funded certified qualification, and career support - no brainer! Are you ready to launch a career in cyber security? Netcom Training's fully-funded Cyber Security course (NCFE Certificate in Cyber Security Practices, Level 3) equips you with the practical skills employers in Greater Manchester are actively seeking. From threat intelligence and security testing to incident response and ethical compliance, you'll gain hands-on experience that prepares you for today's fast-growing cyber security and IT roles. Our learners have gone on to roles such as Cyber Security Analyst, Junior Penetration Tester, SOC Analyst, and IT Support, working with companies across tech, logistics, public services, and digital sectors. Course Details Start Date: 27/04 Duration: 14 weeks Format: Online, practical workshops Schedule: 6-9PM What you'll learn Cyber Principles: Understand core frameworks and security principles. Threat Intelligence: Develop expertise to identify risks and analyze threats. Vulnerability Testing: Conduct cyber security testing, identify vulnerabilities, and implement controls. Incident Response: Prepare for and respond to live cyber security incidents. Ethics & Law: Understand legislation and ethical conduct within the cyber security sector. Professional Skills: Build the behaviours required for the modern cyber security workplace. Career Pathway Potential Roles: Trainee Cyber Security Analyst, SOC Analyst, Junior Information Security Officer. Starting Salaries: Typically £22,000 - £35,000 (role dependent). Eligibility This is a government-funded opportunity. To apply, you must: Live in Greater Manchester. Be aged 19 or over. Earn below the gross annual wage cap of £32,400. Not currently be undertaking other government-funded training. Right to Work: You must have lived in the UK/EU for the last 3 years and have the right to work in the UK (Student/Graduate visas are not eligible). Cost This is a fully-funded course with no fees - complete the training, gain essential cyber security skills.
Senior Cyber Security Splunk SME Full Time Permanent Fully onsite - Moorgate, London EC2Y 80-92K basic + benefits (5% pension, 25 days hols, life insurance, medical cover) Are you an experienced Splunk SME looking for a new challenge? Do you have a strong background in Splunk, IAM and SOAR with a high-level understanding of wider Splunk ecosystem, along with Incident Management, Python and Powershell skills? Here at ARM, we are recruiting for a full time permanent Splunk SME for a global IT services and consultancy client of ours. Our client: They're a leading business with a global reach that empowers local teams, and they undertake hugely exciting work that is genuinely changing the world. Their advanced portfolio of consulting, applications, business process, cloud, and infrastructure services will allow you to achieve great things by working with brilliant colleagues, and clients, on exciting projects. They're a rapidly growing, people-first technology organisation and part of a $1B global service provider delivering end-to-end IT Outsourcing (ITO) and Cyber Defence services to clients across the UK and beyond. Within their Security Practice, they provide a range of services including Managed Detection and Response (MDR), Vulnerability Management, Penetration Testing, Incident Response, and consultancy led Security Advisory services. You'll be joining a team that values learning, celebrates innovation, and supports your career journey every step of the way. The Opportunity: We are looking for a skilled Splunk Specialist to deliver end-to-end Splunk engagements, helping clients build and enhance their security monitoring capabilities. You will lead the full project lifecycle, from requirements gathering and stakeholder engagement through to data onboarding, alert development, and dashboard creation, ensuring solutions are aligned to both business and security objectives. You will bring strong hands-on experience with Splunk Enterprise Security and a proven track record in delivering cybersecurity projects. This includes designing and implementing detection use cases, tuning alerts, and developing dashboards that provide clear, actionable insights for security operations teams. Experience with SOAR and UEBA technologies is advantageous but not essential. This role suits someone who enjoys working in a client-facing environment, solving complex challenges, and contributing to the ongoing evolution of modern Security Operations Centres. What You'll Be Doing: Design, build, and continuously enhance detection capabilities within Splunk across Linux and Windows environments, including log onboarding, normalisation, and enrichment Develop and maintain high-quality detection content such as correlation searches and risk-based alerting within Splunk Enterprise Security Write and optimise complex queries to support threat detection, proactive threat hunting, and anomaly identification Map detection logic to adversary behaviours using the MITRE ATT&CK Framework, ensuring effective coverage of tactics, techniques, and procedures Work with the wider Splunk ecosystem, including tools like TrackMe, and contribute to automation and orchestration initiatives (including exposure to SOAR where applicable) Leverage scripting languages such as Python and PowerShell to automate detection logic, enrich data, and integrate with security workflows Provide mentorship and technical guidance to junior engineers, particularly on Splunk backend activities such as data ingestion, parsing, indexing, and troubleshooting Collaborate closely with SOC analysts, incident responders, and global engineering teams to improve detection and response capabilities Apply strong analytical and problem-solving skills to translate threat intelligence into actionable detection use cases and continuously improve security operations What We're Looking For: Essential: Experience working on multiple projects with broad scope, ambiguity, and a high degree of difficulty Demonstrable proficiency across a wide range of IT and cybersecurity technologies Strong knowledge of key cybersecurity domains, including Identity and Access Management and Incident Management High-level analytical ability to solve unusual and complex problems Ability to maintain up-to-date working knowledge of cybersecurity principles and best practices Experience in senior stakeholder management and providing clear, relevant management reporting, professional communication - written and verbal. Eligibility to work in the UK. Desirable: Experience in technology projects such as cyber infrastructure implementation or replacement initiatives Understanding of global program structures, launch plans, timing, and ownership Ability to coach and mentor team members through knowledge transfer and constructive feedback Disclaimer: This vacancy is being advertised by either Advanced Resource Managers Limited, Advanced Resource Managers IT Limited or Advanced Resource Managers Engineering Limited ("ARM"). ARM is a specialist talent acquisition and management consultancy. We provide technical contingency recruitment and a portfolio of more complex resource solutions. Our specialist recruitment divisions cover the entire technical arena, including some of the most economically and strategically important industries in the UK and the world today. We will never send your CV without your permission.
21/04/2026
Full time
Senior Cyber Security Splunk SME Full Time Permanent Fully onsite - Moorgate, London EC2Y 80-92K basic + benefits (5% pension, 25 days hols, life insurance, medical cover) Are you an experienced Splunk SME looking for a new challenge? Do you have a strong background in Splunk, IAM and SOAR with a high-level understanding of wider Splunk ecosystem, along with Incident Management, Python and Powershell skills? Here at ARM, we are recruiting for a full time permanent Splunk SME for a global IT services and consultancy client of ours. Our client: They're a leading business with a global reach that empowers local teams, and they undertake hugely exciting work that is genuinely changing the world. Their advanced portfolio of consulting, applications, business process, cloud, and infrastructure services will allow you to achieve great things by working with brilliant colleagues, and clients, on exciting projects. They're a rapidly growing, people-first technology organisation and part of a $1B global service provider delivering end-to-end IT Outsourcing (ITO) and Cyber Defence services to clients across the UK and beyond. Within their Security Practice, they provide a range of services including Managed Detection and Response (MDR), Vulnerability Management, Penetration Testing, Incident Response, and consultancy led Security Advisory services. You'll be joining a team that values learning, celebrates innovation, and supports your career journey every step of the way. The Opportunity: We are looking for a skilled Splunk Specialist to deliver end-to-end Splunk engagements, helping clients build and enhance their security monitoring capabilities. You will lead the full project lifecycle, from requirements gathering and stakeholder engagement through to data onboarding, alert development, and dashboard creation, ensuring solutions are aligned to both business and security objectives. You will bring strong hands-on experience with Splunk Enterprise Security and a proven track record in delivering cybersecurity projects. This includes designing and implementing detection use cases, tuning alerts, and developing dashboards that provide clear, actionable insights for security operations teams. Experience with SOAR and UEBA technologies is advantageous but not essential. This role suits someone who enjoys working in a client-facing environment, solving complex challenges, and contributing to the ongoing evolution of modern Security Operations Centres. What You'll Be Doing: Design, build, and continuously enhance detection capabilities within Splunk across Linux and Windows environments, including log onboarding, normalisation, and enrichment Develop and maintain high-quality detection content such as correlation searches and risk-based alerting within Splunk Enterprise Security Write and optimise complex queries to support threat detection, proactive threat hunting, and anomaly identification Map detection logic to adversary behaviours using the MITRE ATT&CK Framework, ensuring effective coverage of tactics, techniques, and procedures Work with the wider Splunk ecosystem, including tools like TrackMe, and contribute to automation and orchestration initiatives (including exposure to SOAR where applicable) Leverage scripting languages such as Python and PowerShell to automate detection logic, enrich data, and integrate with security workflows Provide mentorship and technical guidance to junior engineers, particularly on Splunk backend activities such as data ingestion, parsing, indexing, and troubleshooting Collaborate closely with SOC analysts, incident responders, and global engineering teams to improve detection and response capabilities Apply strong analytical and problem-solving skills to translate threat intelligence into actionable detection use cases and continuously improve security operations What We're Looking For: Essential: Experience working on multiple projects with broad scope, ambiguity, and a high degree of difficulty Demonstrable proficiency across a wide range of IT and cybersecurity technologies Strong knowledge of key cybersecurity domains, including Identity and Access Management and Incident Management High-level analytical ability to solve unusual and complex problems Ability to maintain up-to-date working knowledge of cybersecurity principles and best practices Experience in senior stakeholder management and providing clear, relevant management reporting, professional communication - written and verbal. Eligibility to work in the UK. Desirable: Experience in technology projects such as cyber infrastructure implementation or replacement initiatives Understanding of global program structures, launch plans, timing, and ownership Ability to coach and mentor team members through knowledge transfer and constructive feedback Disclaimer: This vacancy is being advertised by either Advanced Resource Managers Limited, Advanced Resource Managers IT Limited or Advanced Resource Managers Engineering Limited ("ARM"). ARM is a specialist talent acquisition and management consultancy. We provide technical contingency recruitment and a portfolio of more complex resource solutions. Our specialist recruitment divisions cover the entire technical arena, including some of the most economically and strategically important industries in the UK and the world today. We will never send your CV without your permission.
Security Analyst SOC, Tier 2 SOC Analyst to join an award winning managed service provider 24x7 security team. As a Tier 2 Analyst, you will lead the investigation, containment, and coordination of security incidents, working closely with Tier 1 analysts, internal IT teams, and external stakeholders. Taking ownership of complex alerts, support threat hunting and intelligence efforts, and contribute to the refinement of detection rules, playbooks, and response procedures. You will be involved in • Incident Detection & Response • Threat Intelligence and Analysis • Security Monitoring and Detection Engineering • Compliance, Reporting and Documentation • Vulnerability Management • Collaboration and knowledge sharing This would suit an experienced security analyst who has proved experience working in a busy security department, working in security operations. Strong alert triage, incident response, security monitoring, and threat analysis. Experience handling real-world security incidents and working with SIEM, EDR, or vulnerability management tools. Ideally have a strong bachelor s degree in computer science, Information Security, Cyber Security or related field with any SIEM-specific certification or vendor-specific training. Relevant cybersecurity certifications such as Certified Cloud Security Professional (CCSP) or other relevant security certifications, Security+ (CompTIA), CEH (Certified Ethical Hacker), CISSP, BTL1, BTL2 or others are highly desirable but not essential. Office based in Stoke on Trent, shifts, rota basis of 4 days on working - early's, late's and nights. This is an excellent opportunity for an experienced security analyst ready to take the next step with a chance to mentor junior analysts, deepen your technical expertise, and help shape our evolving security posture in a collaborative, hands-on environment.
17/04/2026
Full time
Security Analyst SOC, Tier 2 SOC Analyst to join an award winning managed service provider 24x7 security team. As a Tier 2 Analyst, you will lead the investigation, containment, and coordination of security incidents, working closely with Tier 1 analysts, internal IT teams, and external stakeholders. Taking ownership of complex alerts, support threat hunting and intelligence efforts, and contribute to the refinement of detection rules, playbooks, and response procedures. You will be involved in • Incident Detection & Response • Threat Intelligence and Analysis • Security Monitoring and Detection Engineering • Compliance, Reporting and Documentation • Vulnerability Management • Collaboration and knowledge sharing This would suit an experienced security analyst who has proved experience working in a busy security department, working in security operations. Strong alert triage, incident response, security monitoring, and threat analysis. Experience handling real-world security incidents and working with SIEM, EDR, or vulnerability management tools. Ideally have a strong bachelor s degree in computer science, Information Security, Cyber Security or related field with any SIEM-specific certification or vendor-specific training. Relevant cybersecurity certifications such as Certified Cloud Security Professional (CCSP) or other relevant security certifications, Security+ (CompTIA), CEH (Certified Ethical Hacker), CISSP, BTL1, BTL2 or others are highly desirable but not essential. Office based in Stoke on Trent, shifts, rota basis of 4 days on working - early's, late's and nights. This is an excellent opportunity for an experienced security analyst ready to take the next step with a chance to mentor junior analysts, deepen your technical expertise, and help shape our evolving security posture in a collaborative, hands-on environment.
Cyber Security Operations Analyst (Tier 2) Role: Cyber Security Operations Analyst (Tier 2) Specialism(s): Security Operations, Security Alerts, Security Incident Management, SIEM, Defender, Cofense, Azure, Email Security, Conditional Access Policies, User Authentication, EDR, Playbooks Security Assessment, Vulnerability Analysis, Risk Analysis, SOAR Type: Contract, Daily Rate Pay Rate: 350 - 380 per day (Inside IR35) Location: Remote (UK Only) Start: ASAP/Urgent Duration: 6+ Months Cyber Security Operations Analyst (Tier 2) CPS Group UK are delighted to be working with a leading organisation to appoint a Cyber Security Operations Analyst (Tier 2) to join a newly refurbished CSOC environment and existing team to monitor infrastructure for threats, investigate and respond to security alerts and act as the escalation point for junior analyst queries. The Cyber Security Operations Analyst will respond to verified security incidents and undertake prompt remediation activities to eradicate threats. The Analyst will require existing skills in Microsoft Defender, Azure and Cofense. The Cyber Security Operations Analyst is able to work remotely (UK only) and will be required to work 12 hour shifts on a 4 days on / 4 days off shift pattern (including 1 in 4 night shifts). Due to the nature of the engagement, only candidates who have been a UK resident for a minimum of 5 years can be considered Role Requirements Play an active role in the CSOC Operations team by: o Monitor active SIEM solutions and platforms o Investigate and triage to security alerts and incidents o Be the escalation point for junior analysts, offering knowledge and mentorship where required o Ensure infrastructure and data security through the use of layered security controls (e.g. EDR, Email Security, User Authentication, Conditional Access) o Oversee security assessments across PAM, endpoint, email and cloud security o Provide direct updates to stakeholders regarding security incidents and initiatives o Undertake on-going analysis of emerging threats using TTP's and existing knowledge o Support the production of alert/incident 'playbooks' Required Skills & Experience 3-4+ years' experience in a Security Operations/SOC-based role Hands-on experience with Defender, Azure and Cofense Strong technical understanding of security alert/incident management and threats Knowledge of security threat techniques (e.g. Account compromise, malicious payloads) Proven experience of robust incident response within defined SLA's Proven experience using SIEM, EDR & Email Security tooling Ability to mentor and upskill junior team members Ability to create (or enhance) cyber security playbooks Knowledge of HMG security standards and processes Familiarity with ITIL Various Cyber Security certifications (e.g. Microsoft AZ-500, SANS GSOC) For more information or immediate consideration for this opportunity, please contact Charlie Grant at CPS Group UK on (phone number removed) or email (url removed) By applying to this advert you are giving CPS Group (UK) Ltd authority to hold and process your data for this specific role and any other roles we may deem suitable to you over time. We will not pass your data to any third party without your verbal or written permission to do so. All incoming and outgoing calls are recorded for training and compliance purposes. CPS Group (UK) Ltd is acting as an Employment Agency in relation to this vacancy. Our new privacy policy can be found here (url removed)
14/04/2026
Contractor
Cyber Security Operations Analyst (Tier 2) Role: Cyber Security Operations Analyst (Tier 2) Specialism(s): Security Operations, Security Alerts, Security Incident Management, SIEM, Defender, Cofense, Azure, Email Security, Conditional Access Policies, User Authentication, EDR, Playbooks Security Assessment, Vulnerability Analysis, Risk Analysis, SOAR Type: Contract, Daily Rate Pay Rate: 350 - 380 per day (Inside IR35) Location: Remote (UK Only) Start: ASAP/Urgent Duration: 6+ Months Cyber Security Operations Analyst (Tier 2) CPS Group UK are delighted to be working with a leading organisation to appoint a Cyber Security Operations Analyst (Tier 2) to join a newly refurbished CSOC environment and existing team to monitor infrastructure for threats, investigate and respond to security alerts and act as the escalation point for junior analyst queries. The Cyber Security Operations Analyst will respond to verified security incidents and undertake prompt remediation activities to eradicate threats. The Analyst will require existing skills in Microsoft Defender, Azure and Cofense. The Cyber Security Operations Analyst is able to work remotely (UK only) and will be required to work 12 hour shifts on a 4 days on / 4 days off shift pattern (including 1 in 4 night shifts). Due to the nature of the engagement, only candidates who have been a UK resident for a minimum of 5 years can be considered Role Requirements Play an active role in the CSOC Operations team by: o Monitor active SIEM solutions and platforms o Investigate and triage to security alerts and incidents o Be the escalation point for junior analysts, offering knowledge and mentorship where required o Ensure infrastructure and data security through the use of layered security controls (e.g. EDR, Email Security, User Authentication, Conditional Access) o Oversee security assessments across PAM, endpoint, email and cloud security o Provide direct updates to stakeholders regarding security incidents and initiatives o Undertake on-going analysis of emerging threats using TTP's and existing knowledge o Support the production of alert/incident 'playbooks' Required Skills & Experience 3-4+ years' experience in a Security Operations/SOC-based role Hands-on experience with Defender, Azure and Cofense Strong technical understanding of security alert/incident management and threats Knowledge of security threat techniques (e.g. Account compromise, malicious payloads) Proven experience of robust incident response within defined SLA's Proven experience using SIEM, EDR & Email Security tooling Ability to mentor and upskill junior team members Ability to create (or enhance) cyber security playbooks Knowledge of HMG security standards and processes Familiarity with ITIL Various Cyber Security certifications (e.g. Microsoft AZ-500, SANS GSOC) For more information or immediate consideration for this opportunity, please contact Charlie Grant at CPS Group UK on (phone number removed) or email (url removed) By applying to this advert you are giving CPS Group (UK) Ltd authority to hold and process your data for this specific role and any other roles we may deem suitable to you over time. We will not pass your data to any third party without your verbal or written permission to do so. All incoming and outgoing calls are recorded for training and compliance purposes. CPS Group (UK) Ltd is acting as an Employment Agency in relation to this vacancy. Our new privacy policy can be found here (url removed)
About the opportunity Apply, complete the training course, get a certification and career support - no brainer! Are you ready to launch a career in cyber security? Netcom Training s fully-funded Cyber Security course (NCFE Certificate in Cyber Security Practices, Level 3) equips you with the practical skills employers are actively seeking. From threat intelligence and security testing to incident response and ethical compliance, you ll gain hands-on experience that prepares you for today s fast-growing cyber security and IT roles. Our learners have gone on to roles such as IT support, second line support, junior development, cyber security analysis and business analyst positions, working with companies across tech, logistics, public services and digital sectors. Course Details Start Date: 27.04 Duration: 14 weeks Format: Online, practical workshops Schedule: Mon-Thur 6-9pm What you ll learn Principles: Understand cyber security principles and core frameworks Threat Intelligence: Develop expertise to identify risks Testing: Conduct cyber security testing, identify vulnerabilities and implement controls Incident Response: Prepare for and respond to cyber security incidents Ethics: Understand legislation and ethical conduct within cyber security Professional Skills: Build professional skills and behaviours for the sector Protection: Gain practical knowledge to protect and secure digital environments Eligibility To apply, you must: Live in the West Midlands Be aged 19 or over Earn below the gross annual wage cap of £34,194 Not currently be undertaking other government-funded training Not be in the UK on a student, graduate, postgraduate, or sponsored visa, or as a dependent Cost This is a fully-funded course with no fees complete the training, gain essential cyber security skills and career support.
14/04/2026
Full time
About the opportunity Apply, complete the training course, get a certification and career support - no brainer! Are you ready to launch a career in cyber security? Netcom Training s fully-funded Cyber Security course (NCFE Certificate in Cyber Security Practices, Level 3) equips you with the practical skills employers are actively seeking. From threat intelligence and security testing to incident response and ethical compliance, you ll gain hands-on experience that prepares you for today s fast-growing cyber security and IT roles. Our learners have gone on to roles such as IT support, second line support, junior development, cyber security analysis and business analyst positions, working with companies across tech, logistics, public services and digital sectors. Course Details Start Date: 27.04 Duration: 14 weeks Format: Online, practical workshops Schedule: Mon-Thur 6-9pm What you ll learn Principles: Understand cyber security principles and core frameworks Threat Intelligence: Develop expertise to identify risks Testing: Conduct cyber security testing, identify vulnerabilities and implement controls Incident Response: Prepare for and respond to cyber security incidents Ethics: Understand legislation and ethical conduct within cyber security Professional Skills: Build professional skills and behaviours for the sector Protection: Gain practical knowledge to protect and secure digital environments Eligibility To apply, you must: Live in the West Midlands Be aged 19 or over Earn below the gross annual wage cap of £34,194 Not currently be undertaking other government-funded training Not be in the UK on a student, graduate, postgraduate, or sponsored visa, or as a dependent Cost This is a fully-funded course with no fees complete the training, gain essential cyber security skills and career support.
Job Title - Cyber security incident manager SC cleared or eligible for clearance. 3 month rolling ( likely 1 year) Fully remote Key Responsibilities Incident Response & Management Lead and coordinate major cyber security incidents (e.g., ransomware, data breaches, phishing campaigns, insider threats). Serve as primary incident commander during high?severity events. Oversee triage, impact assessment, containment strategies, and remediation plans. Ensure timely escalation and communication to leadership and relevant stakeholders. Maintain accurate incident logs, timelines, and evidence for audits or legal processes. Threat Analysis & Investigation Direct technical investigations, working with SOC analysts, threat intelligence teams, and external partners. Analyse attack vectors, exploits, and root causes. Guide forensic activity where required, ensuring evidence integrity. Governance, Reporting & Continuous Improvement Produce detailed incident reports, executive summaries, and post?incident reviews. Track incident metrics, trends, and lessons learned to improve security posture. Drive improvements in incident response playbooks, processes, and tooling. Ensure incidents are handled in alignment with frameworks such as NIST Stakeholder & Vendor Coordination Act as the key liaison during incidents with IT, Risk, Legal, Compliance, HR, Communications, and third?party partners. Support customer?facing communication where relevant (for MSSP or managed services environments). Manage relationships with external responders, MSSPs, and law enforcement as applicable. Operational Readiness Support the development and delivery of cyber incident simulations, tabletop exercises, and readiness assessments. Ensure IR documentation is current, accessible, and aligned with business needs. Provide mentoring and support to junior analysts and incident responders. Essential Skills & Experience Proven experience leading complex cyber security incidents in a mid?to?large enterprise or MSSP environment. Strong understanding of attack methodologies, malware behaviour, and adversary TTPs. Experience with SIEM, EDR, SOAR, threat intel platforms, and forensic tools. Deep knowledge of IR frameworks: Ability to make clear decisions under pressure and command multi?disciplinary response teams. Excellent communication skills, with the ability to convey technical detail to senior leadership.
07/04/2026
Contractor
Job Title - Cyber security incident manager SC cleared or eligible for clearance. 3 month rolling ( likely 1 year) Fully remote Key Responsibilities Incident Response & Management Lead and coordinate major cyber security incidents (e.g., ransomware, data breaches, phishing campaigns, insider threats). Serve as primary incident commander during high?severity events. Oversee triage, impact assessment, containment strategies, and remediation plans. Ensure timely escalation and communication to leadership and relevant stakeholders. Maintain accurate incident logs, timelines, and evidence for audits or legal processes. Threat Analysis & Investigation Direct technical investigations, working with SOC analysts, threat intelligence teams, and external partners. Analyse attack vectors, exploits, and root causes. Guide forensic activity where required, ensuring evidence integrity. Governance, Reporting & Continuous Improvement Produce detailed incident reports, executive summaries, and post?incident reviews. Track incident metrics, trends, and lessons learned to improve security posture. Drive improvements in incident response playbooks, processes, and tooling. Ensure incidents are handled in alignment with frameworks such as NIST Stakeholder & Vendor Coordination Act as the key liaison during incidents with IT, Risk, Legal, Compliance, HR, Communications, and third?party partners. Support customer?facing communication where relevant (for MSSP or managed services environments). Manage relationships with external responders, MSSPs, and law enforcement as applicable. Operational Readiness Support the development and delivery of cyber incident simulations, tabletop exercises, and readiness assessments. Ensure IR documentation is current, accessible, and aligned with business needs. Provide mentoring and support to junior analysts and incident responders. Essential Skills & Experience Proven experience leading complex cyber security incidents in a mid?to?large enterprise or MSSP environment. Strong understanding of attack methodologies, malware behaviour, and adversary TTPs. Experience with SIEM, EDR, SOAR, threat intel platforms, and forensic tools. Deep knowledge of IR frameworks: Ability to make clear decisions under pressure and command multi?disciplinary response teams. Excellent communication skills, with the ability to convey technical detail to senior leadership.
We are currently recruiting for Senior Cyber Security Analysts and Associate Security Analysts - both working a 3-month contract for our client 3 days per week on-site in London. As a senior security analyst with responsibility for incident response, you will: lead the investigation of security alerts to understand the nature and extent of possible cyber incidents lead the forensic analysis of systems, files, network traffic and cloud environments lead the technical response to cyber incidents by identifying and implementing (or coordinating the implementation of) containment, eradication and recovery actions support the wider coordination of cyber incidents review previous incidents to identify lessons and actions identify and deliver opportunities for continual improvement of the incident response capability work closely alongside other Cyber Defence functions, supporting the continual improvement of wider capabilities develop and update internal plans, playbooks and knowledge base articles act as an escalation point for, and provide coaching and mentoring to, security analysts be responsible for leadership and line management of security analysts Cyber incidents can and do arise on a 24/7 basis. The team operates an out-of-hours on call rota, which you will be expected to join. We're interested in people who have: significant experience investigating and responding to cyber incidents significant experience using security tools (eg, EDR, SIEM) to support the investigation and response to cyber incidents experience managing and coordinating the response to cyber incidents experience coaching and mentoring junior staff an in-depth understanding of the tools, techniques and procedures used by threat actors excellent analytical and problem solving skills excellent verbal and written communication skills It's desirable, but not essential, that you have: experience with Splunk experience working in an Agile environment experience with cloud environments such as AWS As an associate security analyst you will: triage and investigate cyber security alerts and reports from users use a variety of techniques to analyse systems, files, network traffic and cloud environments and understand the nature and extent of possible cyber incidents support the technical response to cyber incidents by identifying and implementing (or supporting the implementation of) containment, eradication and recovery actions support the coordination of cyber incidents contribute to post-incident reviews to identify lessons and actions identify opportunities for, and support the delivery of, continual improvements to the incident investigation and response capability work closely alongside other Cyber Defence functions, supporting the continual improvement of wider capabilities contribute to internal plans, playbooks and knowledge base articles act as an escalation point for, and provide coaching and mentoring to, apprentice security analysts be responsible for line management of apprentice security analysts Cyber incidents can and do arise on a 24/7 basis. The team operates an out-of-hours on call rota, which you will be expected to join We're interested in people who have: experience investigating and responding to cyber incidents experience using security tools (eg, EDR, SIEM) to support the investigation and response to cyber incidents Experience with SIEM tools (experience of Splunk preferred but experience of Microsoft Sentinel or an equivalent SIEM tool is acceptable) an understanding of the tools, techniques and procedures commonly used by threat actors good analytical and problem-solving skills good verbal and written communication skills It's desirable, but not essential, that you have: experience with Splunk experience working in an Agile environment experience with cloud environments such as AWS If you feel you have the skills and experience needed for this role; please do apply now.
06/10/2025
Contractor
We are currently recruiting for Senior Cyber Security Analysts and Associate Security Analysts - both working a 3-month contract for our client 3 days per week on-site in London. As a senior security analyst with responsibility for incident response, you will: lead the investigation of security alerts to understand the nature and extent of possible cyber incidents lead the forensic analysis of systems, files, network traffic and cloud environments lead the technical response to cyber incidents by identifying and implementing (or coordinating the implementation of) containment, eradication and recovery actions support the wider coordination of cyber incidents review previous incidents to identify lessons and actions identify and deliver opportunities for continual improvement of the incident response capability work closely alongside other Cyber Defence functions, supporting the continual improvement of wider capabilities develop and update internal plans, playbooks and knowledge base articles act as an escalation point for, and provide coaching and mentoring to, security analysts be responsible for leadership and line management of security analysts Cyber incidents can and do arise on a 24/7 basis. The team operates an out-of-hours on call rota, which you will be expected to join. We're interested in people who have: significant experience investigating and responding to cyber incidents significant experience using security tools (eg, EDR, SIEM) to support the investigation and response to cyber incidents experience managing and coordinating the response to cyber incidents experience coaching and mentoring junior staff an in-depth understanding of the tools, techniques and procedures used by threat actors excellent analytical and problem solving skills excellent verbal and written communication skills It's desirable, but not essential, that you have: experience with Splunk experience working in an Agile environment experience with cloud environments such as AWS As an associate security analyst you will: triage and investigate cyber security alerts and reports from users use a variety of techniques to analyse systems, files, network traffic and cloud environments and understand the nature and extent of possible cyber incidents support the technical response to cyber incidents by identifying and implementing (or supporting the implementation of) containment, eradication and recovery actions support the coordination of cyber incidents contribute to post-incident reviews to identify lessons and actions identify opportunities for, and support the delivery of, continual improvements to the incident investigation and response capability work closely alongside other Cyber Defence functions, supporting the continual improvement of wider capabilities contribute to internal plans, playbooks and knowledge base articles act as an escalation point for, and provide coaching and mentoring to, apprentice security analysts be responsible for line management of apprentice security analysts Cyber incidents can and do arise on a 24/7 basis. The team operates an out-of-hours on call rota, which you will be expected to join We're interested in people who have: experience investigating and responding to cyber incidents experience using security tools (eg, EDR, SIEM) to support the investigation and response to cyber incidents Experience with SIEM tools (experience of Splunk preferred but experience of Microsoft Sentinel or an equivalent SIEM tool is acceptable) an understanding of the tools, techniques and procedures commonly used by threat actors good analytical and problem-solving skills good verbal and written communication skills It's desirable, but not essential, that you have: experience with Splunk experience working in an Agile environment experience with cloud environments such as AWS If you feel you have the skills and experience needed for this role; please do apply now.
Senior Cyber Security Analyst - Central Gov (Contract) Incident Response | Threat Detection | Forensics | SIEM The Cyber Defence team is hiring a Senior Cyber Security Analyst to lead on incident response and protect critical citizen-facing services. You'll: Investigate and respond to cyber incidents at scale Lead forensic analysis (systems, files, network, cloud) Coordinate containment, eradication & recovery actions Mentor Junior Analysts and shape IR playbooks Must have strong Splunk skills. Requirements: Strong incident response & cyber investigation experience Skilled with EDR/SIEM tools - splunk Deep knowledge of attacker TTPs Excellent problem solving & communication London | Competitive Day Rate | SC Clearance required | On-call rota
03/10/2025
Contractor
Senior Cyber Security Analyst - Central Gov (Contract) Incident Response | Threat Detection | Forensics | SIEM The Cyber Defence team is hiring a Senior Cyber Security Analyst to lead on incident response and protect critical citizen-facing services. You'll: Investigate and respond to cyber incidents at scale Lead forensic analysis (systems, files, network, cloud) Coordinate containment, eradication & recovery actions Mentor Junior Analysts and shape IR playbooks Must have strong Splunk skills. Requirements: Strong incident response & cyber investigation experience Skilled with EDR/SIEM tools - splunk Deep knowledge of attacker TTPs Excellent problem solving & communication London | Competitive Day Rate | SC Clearance required | On-call rota
*Senior Cyber Security Analyst - £600-800pd (experience dependent) INSIDE IR35 - 3 month initial contract - London (3 days per week onsite)* Please note: Due to the nature of the role, we are ideally looking for candidates to hold an active SC clearance. We are looking for a SC Cleared Senior Cyber Security Analyst with SPLUNK experience to join our central government client on an initial 3-month contract. You must have experience investigating and responding to cyber incidents, co-ordinating incident response in a large organisation. We have both a Senior and mid-level role available. Main responsibilities: As a senior security analyst with responsibility for incident response, you will: Lead the investigation of security alerts to understand the nature and extent of possible cyber incidents Lead the forensic analysis of systems, files, network traffic and cloud environment Lead the technical response to cyber incidents by identifying and implementing (or coordinating the implementation of) containment, eradication and recovery actions Support the wider coordination of cyber incidents Review previous incidents to identify lessons and actions Identify and deliver opportunities for continual improvement of the incident response capability Work closely alongside other Cyber Defence functions, supporting the continual improvement of wider capabilities Develop and update internal plans, playbooks and knowledge base articles Act as an escalation point for, and provide coaching and mentoring to, security analysts Be responsible for leadership and line management of security analysts Cyber incidents can and do arise on a 24/7 basis. The team operates an out-of-hours on call rota, which you will be expected to join. Essential skills and experience: SPLUNK EDR (Endpoint Detection and Response) Significant experience investigating and responding to cyber incidents Significant experience using security tools (eg, EDR, SIEM) to support the investigation and response to cyber incidents Experience managing and coordinating the response to cyber incidents Experience coaching and mentoring junior staff An in-depth understanding of the tools, techniques and procedures used by threat actors Damia Group Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept our Data Protection Policy which can be found on our website. Please note that no terminology in this advert is intended to discriminate on the grounds of a person's gender, marital status, race, religion, colour, age, disability or sexual orientation. Every candidate will be assessed only in accordance with their merits, qualifications and ability to perform the duties of the job. Damia Group is acting as an Employment Business in relation to this vacancy and in accordance to Conduct Regulations 2003.
03/10/2025
Contractor
*Senior Cyber Security Analyst - £600-800pd (experience dependent) INSIDE IR35 - 3 month initial contract - London (3 days per week onsite)* Please note: Due to the nature of the role, we are ideally looking for candidates to hold an active SC clearance. We are looking for a SC Cleared Senior Cyber Security Analyst with SPLUNK experience to join our central government client on an initial 3-month contract. You must have experience investigating and responding to cyber incidents, co-ordinating incident response in a large organisation. We have both a Senior and mid-level role available. Main responsibilities: As a senior security analyst with responsibility for incident response, you will: Lead the investigation of security alerts to understand the nature and extent of possible cyber incidents Lead the forensic analysis of systems, files, network traffic and cloud environment Lead the technical response to cyber incidents by identifying and implementing (or coordinating the implementation of) containment, eradication and recovery actions Support the wider coordination of cyber incidents Review previous incidents to identify lessons and actions Identify and deliver opportunities for continual improvement of the incident response capability Work closely alongside other Cyber Defence functions, supporting the continual improvement of wider capabilities Develop and update internal plans, playbooks and knowledge base articles Act as an escalation point for, and provide coaching and mentoring to, security analysts Be responsible for leadership and line management of security analysts Cyber incidents can and do arise on a 24/7 basis. The team operates an out-of-hours on call rota, which you will be expected to join. Essential skills and experience: SPLUNK EDR (Endpoint Detection and Response) Significant experience investigating and responding to cyber incidents Significant experience using security tools (eg, EDR, SIEM) to support the investigation and response to cyber incidents Experience managing and coordinating the response to cyber incidents Experience coaching and mentoring junior staff An in-depth understanding of the tools, techniques and procedures used by threat actors Damia Group Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept our Data Protection Policy which can be found on our website. Please note that no terminology in this advert is intended to discriminate on the grounds of a person's gender, marital status, race, religion, colour, age, disability or sexual orientation. Every candidate will be assessed only in accordance with their merits, qualifications and ability to perform the duties of the job. Damia Group is acting as an Employment Business in relation to this vacancy and in accordance to Conduct Regulations 2003.
Senior Cyber Security Analyst - Government, Splunk, EDR, Defence, AWS, Hybrid, London, SC Clearance, £800 pd We are seeking an experienced SC cleared Senior Cyber Security Analyst to lead incident response efforts within a dynamic cyber defence team. The ideal candidate will have a strong background in investigating, managing, and responding to cyber threats, with a focus on incident containment and forensic analysis. Key Responsibilities: Lead investigations into security alerts to determine the nature and scope of potential cyber incidents Conduct forensic analysis across systems, network traffic, files, and cloud environments Manage technical responses, including containment, eradication, and recovery actions Support the coordination and management of cyber incident responses Review incidents post-event to identify lessons learned and areas for improvement Develop and maintain incident response plans, playbooks, and knowledge resources Lead and line-manage security team members Experience & Skills Needed: Extensive experience investigating and responding to cyber incidents Proficiency with security tools such as EDR and SIEM platforms Proven track record of managing and coordinating incident response activities Experience in mentoring and coaching junior staff Strong understanding of threat actor techniques, tools, and tactics Excellent analytical, problem-solving, and communication skills Experience with Splunk or similar log management tools Familiarity with Agile working practices Knowledge of cloud platforms such as AWS If you possess the relevant experience and are ready to lead critical cyber defence initiatives, we encourage you to apply. Minorities, women, LGBTQ+ candidates, and individuals with disabilities are encouraged to apply. Interviews will take place next week, so please apply immediately to be considered for this contract role.
03/10/2025
Contractor
Senior Cyber Security Analyst - Government, Splunk, EDR, Defence, AWS, Hybrid, London, SC Clearance, £800 pd We are seeking an experienced SC cleared Senior Cyber Security Analyst to lead incident response efforts within a dynamic cyber defence team. The ideal candidate will have a strong background in investigating, managing, and responding to cyber threats, with a focus on incident containment and forensic analysis. Key Responsibilities: Lead investigations into security alerts to determine the nature and scope of potential cyber incidents Conduct forensic analysis across systems, network traffic, files, and cloud environments Manage technical responses, including containment, eradication, and recovery actions Support the coordination and management of cyber incident responses Review incidents post-event to identify lessons learned and areas for improvement Develop and maintain incident response plans, playbooks, and knowledge resources Lead and line-manage security team members Experience & Skills Needed: Extensive experience investigating and responding to cyber incidents Proficiency with security tools such as EDR and SIEM platforms Proven track record of managing and coordinating incident response activities Experience in mentoring and coaching junior staff Strong understanding of threat actor techniques, tools, and tactics Excellent analytical, problem-solving, and communication skills Experience with Splunk or similar log management tools Familiarity with Agile working practices Knowledge of cloud platforms such as AWS If you possess the relevant experience and are ready to lead critical cyber defence initiatives, we encourage you to apply. Minorities, women, LGBTQ+ candidates, and individuals with disabilities are encouraged to apply. Interviews will take place next week, so please apply immediately to be considered for this contract role.
Job Title: Senior Cyber Security Analyst - SC Location : Hybrid/London - 3 days a week on site Contract Duration : 3 months initially Daily Rate: £800/day (Umbrella - Maximum) IR35 Status: Inside IR35 Minimum requirement: Experience of investigating and responding to cyber incidents, coordinating incident response in large org 5+ years' experience with SPLUNK EDR (Endpoint Detection and Response) Analytical, problem solving Security Clearance: SC Senior Cyber Security Analyst The Cyber Defence team delivers cyber threat intelligence, threat detection, incident response and Vulnerability management capabilities for the organisation, and is responsible for defending both internal IT infrastructure and citizen-facing services. As a senior security analyst, you'll take a leading role in building and delivering these core capabilities, focusing on incident response. As a senior security analyst with responsibility for incident response, you will l: Lead the investigation of security alerts to understand the nature and extent of possible cyber incidents Lead the forensic analysis of systems, files, network traffic and cloud environments Lead the technical response to cyber incidents by identifying and implementing (or coordinating the implementation of) containment, eradication and recovery actions Support the wider coordination of cyber incidents Review previous incidents to identify lessons and actions Identify and deliver opportunities for continual improvement of the incident response capability Work closely alongside other Cyber Defence functions, supporting the continual improvement of wider capabilities Develop and update internal plans, playbooks and knowledge base articles Act as an escalation point for, and provide coaching and mentoring to, security analysts Be responsible for leadership and line management of security analysts Cyber incidents can and do arise on a 24/7 basis. The team operates an out-of-hours on call rota, which you will be expected to join. We're interested in people who have: Significant experience investigating and responding to cyber incidents Significant experience using security tools (eg, EDR, SIEM) to support the investigation and response to cyber incidents Experience managing and coordinating the response to cyber incidents Experience coaching and mentoring junior staff An in-depth understanding of the tools, techniques and procedures used by threat actors Excellent analytical and problem solving skills Excellent verbal and written communication skills Experience with Splunk Experience working in an Agile environment Experience with cloud environments such as AWS Disability Confident As a member of the disability confident scheme, CLIENT guarantees to interview all candidates who have a disability and who meet all the essential criteria for the vacancy. In cases where we have a high volume of candidates who have a disability who meet all the essential criteria, we will interview the best candidates from within that group. Armed Forces Covenant CLIENT is proud to support the Armed Forces Covenant and as such, we guarantee to interview all veterans or spouses/partners of military personnel who meet all the essential criteria for the vacancy. In cases where we have a high volume of ex-military candidates/military spouses or partners, who meet all of the essential criteria, we will interview the best candidates from within that group. If you qualify for the above, please notify us. We will be in touch to discuss your suitability and arrange your Guaranteed Interview. Should you require reasonable adjustments at any point during the recruitment process or if there is a more accessible way for us to communicate, please do let me know. To apply for this role please submit your latest CV or contact Aspect Resources
03/10/2025
Contractor
Job Title: Senior Cyber Security Analyst - SC Location : Hybrid/London - 3 days a week on site Contract Duration : 3 months initially Daily Rate: £800/day (Umbrella - Maximum) IR35 Status: Inside IR35 Minimum requirement: Experience of investigating and responding to cyber incidents, coordinating incident response in large org 5+ years' experience with SPLUNK EDR (Endpoint Detection and Response) Analytical, problem solving Security Clearance: SC Senior Cyber Security Analyst The Cyber Defence team delivers cyber threat intelligence, threat detection, incident response and Vulnerability management capabilities for the organisation, and is responsible for defending both internal IT infrastructure and citizen-facing services. As a senior security analyst, you'll take a leading role in building and delivering these core capabilities, focusing on incident response. As a senior security analyst with responsibility for incident response, you will l: Lead the investigation of security alerts to understand the nature and extent of possible cyber incidents Lead the forensic analysis of systems, files, network traffic and cloud environments Lead the technical response to cyber incidents by identifying and implementing (or coordinating the implementation of) containment, eradication and recovery actions Support the wider coordination of cyber incidents Review previous incidents to identify lessons and actions Identify and deliver opportunities for continual improvement of the incident response capability Work closely alongside other Cyber Defence functions, supporting the continual improvement of wider capabilities Develop and update internal plans, playbooks and knowledge base articles Act as an escalation point for, and provide coaching and mentoring to, security analysts Be responsible for leadership and line management of security analysts Cyber incidents can and do arise on a 24/7 basis. The team operates an out-of-hours on call rota, which you will be expected to join. We're interested in people who have: Significant experience investigating and responding to cyber incidents Significant experience using security tools (eg, EDR, SIEM) to support the investigation and response to cyber incidents Experience managing and coordinating the response to cyber incidents Experience coaching and mentoring junior staff An in-depth understanding of the tools, techniques and procedures used by threat actors Excellent analytical and problem solving skills Excellent verbal and written communication skills Experience with Splunk Experience working in an Agile environment Experience with cloud environments such as AWS Disability Confident As a member of the disability confident scheme, CLIENT guarantees to interview all candidates who have a disability and who meet all the essential criteria for the vacancy. In cases where we have a high volume of candidates who have a disability who meet all the essential criteria, we will interview the best candidates from within that group. Armed Forces Covenant CLIENT is proud to support the Armed Forces Covenant and as such, we guarantee to interview all veterans or spouses/partners of military personnel who meet all the essential criteria for the vacancy. In cases where we have a high volume of ex-military candidates/military spouses or partners, who meet all of the essential criteria, we will interview the best candidates from within that group. If you qualify for the above, please notify us. We will be in touch to discuss your suitability and arrange your Guaranteed Interview. Should you require reasonable adjustments at any point during the recruitment process or if there is a more accessible way for us to communicate, please do let me know. To apply for this role please submit your latest CV or contact Aspect Resources
Job Title: Cyber Security Incident Response Specialist Location: London, Wokingham, or Warwick (2 days per week onsite - hybrid working) Contract Duration: 6months + initially, with high potential for extension (long-term programme) Clearance: SC required or eligible THIS PROJECT IS INSIDE IR35 Project Overview: We are looking for an experienced Cyber Security Incident Response Specialist to join a high-impact security programme supporting the resilience of UK critical national infrastructure (CNI) . You'll join a team responsible for responding to cyber threats across both cyber and physical domains - helping to manage the full incident life cycle, improve response maturity, and develop scalable IR documentation and exercises. This is a specialist role for someone with real-world IR experience and the ability to assess, escalate, and coordinate technical and business responses. Key Responsibilities: Lead or support incident response (IR) activities across the full life cycle: detection, triage, containment, eradication, recovery, and lessons learned Develop and maintain IR playbooks, plans, and post-incident reports Support post-incident reviews , including root cause analysis (RCA) and lessons learned sessions Design and deliver incident response exercises (eg tabletop simulations) Act as a subject matter expert (SME) for incident response processes and frameworks Collaborate with SOC teams, technical SMEs, and non-technical stakeholders Communicate IR outcomes effectively via reports, presentations, and briefings Build working relationships across internal security functions and external CNI/regulatory stakeholders Mandatory Requirements (Must-Have): Strong, recent experience in cybersecurity incident response Ability to make informed decisions during incidents (triage, escalate, communicate) Experience working in Critical National Infrastructure (CNI) sectors - eg utilities, energy, telco, banking, health, defence, or transport Working knowledge of NIST, MITRE ATT&CK , or equivalent frameworks Proven ability to communicate IR findings to technical and non-technical audiences Experience contributing to or owning IR playbooks, SOPs, or RCA documentation Must hold current SC clearance or have been previously cleared within the last 12-18 months Desirable Skills (Nice-to-Have): Experience within the energy or utilities sector Exposure to OT/ICS environments (eg SCADA, PLCs, DCS) Experience delivering or supporting tabletop IR exercises Familiarity with tools like Microsoft Sentinel, Defender, Splunk, QRadar, Tenable, CrowdStrike, etc. Industry certifications such as CISSP, GCFA, GEIR, CCIM, CISM, CEH , or equivalent What We're Not Looking For: Junior SOC analysts (L1/L2 triage only) Generalist cyber roles without deep IR exposure Candidates without experience in CNI or enterprise-scale IR
01/10/2025
Contractor
Job Title: Cyber Security Incident Response Specialist Location: London, Wokingham, or Warwick (2 days per week onsite - hybrid working) Contract Duration: 6months + initially, with high potential for extension (long-term programme) Clearance: SC required or eligible THIS PROJECT IS INSIDE IR35 Project Overview: We are looking for an experienced Cyber Security Incident Response Specialist to join a high-impact security programme supporting the resilience of UK critical national infrastructure (CNI) . You'll join a team responsible for responding to cyber threats across both cyber and physical domains - helping to manage the full incident life cycle, improve response maturity, and develop scalable IR documentation and exercises. This is a specialist role for someone with real-world IR experience and the ability to assess, escalate, and coordinate technical and business responses. Key Responsibilities: Lead or support incident response (IR) activities across the full life cycle: detection, triage, containment, eradication, recovery, and lessons learned Develop and maintain IR playbooks, plans, and post-incident reports Support post-incident reviews , including root cause analysis (RCA) and lessons learned sessions Design and deliver incident response exercises (eg tabletop simulations) Act as a subject matter expert (SME) for incident response processes and frameworks Collaborate with SOC teams, technical SMEs, and non-technical stakeholders Communicate IR outcomes effectively via reports, presentations, and briefings Build working relationships across internal security functions and external CNI/regulatory stakeholders Mandatory Requirements (Must-Have): Strong, recent experience in cybersecurity incident response Ability to make informed decisions during incidents (triage, escalate, communicate) Experience working in Critical National Infrastructure (CNI) sectors - eg utilities, energy, telco, banking, health, defence, or transport Working knowledge of NIST, MITRE ATT&CK , or equivalent frameworks Proven ability to communicate IR findings to technical and non-technical audiences Experience contributing to or owning IR playbooks, SOPs, or RCA documentation Must hold current SC clearance or have been previously cleared within the last 12-18 months Desirable Skills (Nice-to-Have): Experience within the energy or utilities sector Exposure to OT/ICS environments (eg SCADA, PLCs, DCS) Experience delivering or supporting tabletop IR exercises Familiarity with tools like Microsoft Sentinel, Defender, Splunk, QRadar, Tenable, CrowdStrike, etc. Industry certifications such as CISSP, GCFA, GEIR, CCIM, CISM, CEH , or equivalent What We're Not Looking For: Junior SOC analysts (L1/L2 triage only) Generalist cyber roles without deep IR exposure Candidates without experience in CNI or enterprise-scale IR
Malware Reverse Engineer Location: Remote working - Office based in Reading Salary: Competitive Salary and Benefits Career Level : Specialist, Associate Manager or Manager About Accenture Cyber Threat Intelligence (ACTI) ACTI is a global team that spans 13 countries and 4 continents and speaks more than 30 languages. We are passionate about delivering intelligence analysis, and providing industry-leading analytic insights, cyber context, and critical services our clients need to achieve their business-line and strategic-growth initiatives. We know success is only possible by developing and supporting our most-critical resources: our talented analysts, developers, and supporting team members. We value creativity and entrepreneurship in our team; where possible, we back staff initiatives with opportunities and investments. We enjoy the hunt. We strive to automate and innovate while working with powerful resources and differentiated data. Above all else, we value an egoless approach to guiding our clients as they navigate their businesses through all aspects of the cyber domain. Who You Are You are passionate about cybersecurity and intelligence analysis. You stay abreast of the latest threats, recognize the value of intelligence, and believe it should drive operations. You are a devoted team member who is always willing to lend a hand, mentor a colleague, or increase our global team's awareness by sharing your knowledge and approaches with others. You are productive, easy to work with, and understand that adherence to a good process is key to excellence. Role Description As a Malware Reverse Engineer at ACTI, you will reverse engineer and analyze malware to evaluate sophisticated malicious code to settle malware capabilities and purposes. Analysis includes the use of specialized systems and tools, including dissemblers, debuggers, hex editors, unpackers, virtual machines, and those for network traffic analysis. Key Responsibilities Analyze malicious events and campaigns to determine attack vectors and retrieve malware payloads. Reverse engineer files suspected or known to belong to identified malware families to determine their command-and-control (C2) infrastructure and targeting. Incorporate analysis results into detailed reporting to include purpose, behavior, C2 server infrastructure, and mitigation techniques related to analyzed malware families, malicious campaigns, and events. Track prevailing malware families, including downloaders, banking Trojans, information stealers, ransomware, and remote access Trojans. Reverse engineer recently discovered malware variants to check potential feature augmentation or configuration structure changes. Improve existing tools that extract known malware family configurations based on reverse engineering results. Research the latest malware detection evasion techniques, such as use of customized packers, customized crypters, fully undetectable (FUD) techniques, host intrusion prevention system (HIPS) bypassing, and anti-virus (AV) software bypassing. Based on research, design and develop generic unpacking methods and tools for use as standalone tools or within automated analysis systems and sandboxes. Provide customer support by responding to requests related to suspicious file analysis that sometimes require malware reverse engineering and determination of contextual information surrounding indicators of compromise; do so by providing detailed analysis reports and mitigation recommendations. Provide customer support by responding to cybersecurity requests, including those for: open-source intelligence (OSINT) research; domain, IP address, or URL analysis; malicious campaign information; and/or event attribution. Provide answers to specific questions, the answers of which clients use for operational mentorship to aid their strategies. Design, develop, and implement Windows kernel modules to support automated malware analysis; such modules include kernel system service filtering modules able to intercept operating system services on 32-bit and 64-bit Windows operating systems without triggering those systems' self-protection mechanisms, and kernel-mode modules able to force designated processes to load specific modules that load decoders designed for extracting malware configurations. Design, develop, and implement generic unpackers that combat widely used malware packing methods to retrieve malicious payloads from packed malware samples automatically. Create detection rules and signatures for detecting malware families, and provide detection or blocking recommendations. Develop decoders to extract malware configurations-including basic C2 settings or secondary dynamic configurations, such as those outlining targeted institutions and web injects-based on reverse engineering results. Provide junior engineers with technical training, including: training on malware analysis; reverse engineering; Windows internals; and development, identification, unpacking, and de-obfuscation of malicious code. Travel occasionally as this position may require doing so to address client needs, improve results, or otherwise support projects. Basic Qualifications Bachelor's Degree in Computer Forensics, Science, Engineering, Information Systems, or another related security field, or comparable experience. Experience with malware analysis, reverse engineering, and development. Ability to write, understand, and/or analyze code in programming and scripting languages, including Assembly x86/x64, C, C++, Python, JavaScript, Java, PHP, and HTML. Basic knowledge of and experience with malware packers, crypters, and obfuscation techniques. Understanding of operating system internals and the Windows API. Experience with debuggers, decompilers, and network traffic analysis tools. Development experience in Assembly, Python, C, or C++. Strong understanding of the intelligence lifecycle and associated analytic methodologies (Cyber Kill Chain, Diamond Model, ATT&CK, etc.). Practical understanding of malware analysis and/or reverse engineering, and the ability to develop malware detection signatures (e.g. YARA). Required Skills Ability to analyze and unpack obfuscated code. Strong written and verbal skills; can communicate complex concepts at a high level while retaining accuracy and highlighting features in a way that improves audience engagement. Strong problem solving and critical thinking capabilities. Desired Skills Two or more years of experience in malware analysis, reverse engineering, and development fields. Deep understanding of operating system internals and the Windows API. Ability to work with a high degree of independence. Ability to collaborate in a team environment to focus on a common goal. Show more Show less Qualifications What's in it for you At Accenture in addition to a competitive basic salary, you will alsohave an extensive benefits package which includes 25days' vacation per year, gym subsidy, private medical insurance and 3 extra days leave per year for charitable work of your choice! About Accenture Accenture is a leading global professional services company, providing a broad range of services in strategy and consulting, interactive, technology and operations, with digital capabilities across all of these services. We combine unmatched experience and specialized capabilities across more than 40 industries - powered by the world's largest network of Advanced Technology and Intelligent Operations centers. With 509,000 people serving clients in more than 120 countries, Accenture brings continuous innovation to help clients improve their performance and create lasting value across their enterprises. Visit us at Accenture is an equal opportunities employer and encourages applications from all sections of society and does not discriminate on grounds of race, religion or belief, ethnic or national origin, disability, age, citizenship, marital, domestic or civil partnership status, sexual orientation, or gender identity, or any other basis as protected by applicable law. Closing Date for Applications: 30/10/2022 Accenture reserves the right to close the role prior to this date should a suitable applicant be found.
24/09/2022
Full time
Malware Reverse Engineer Location: Remote working - Office based in Reading Salary: Competitive Salary and Benefits Career Level : Specialist, Associate Manager or Manager About Accenture Cyber Threat Intelligence (ACTI) ACTI is a global team that spans 13 countries and 4 continents and speaks more than 30 languages. We are passionate about delivering intelligence analysis, and providing industry-leading analytic insights, cyber context, and critical services our clients need to achieve their business-line and strategic-growth initiatives. We know success is only possible by developing and supporting our most-critical resources: our talented analysts, developers, and supporting team members. We value creativity and entrepreneurship in our team; where possible, we back staff initiatives with opportunities and investments. We enjoy the hunt. We strive to automate and innovate while working with powerful resources and differentiated data. Above all else, we value an egoless approach to guiding our clients as they navigate their businesses through all aspects of the cyber domain. Who You Are You are passionate about cybersecurity and intelligence analysis. You stay abreast of the latest threats, recognize the value of intelligence, and believe it should drive operations. You are a devoted team member who is always willing to lend a hand, mentor a colleague, or increase our global team's awareness by sharing your knowledge and approaches with others. You are productive, easy to work with, and understand that adherence to a good process is key to excellence. Role Description As a Malware Reverse Engineer at ACTI, you will reverse engineer and analyze malware to evaluate sophisticated malicious code to settle malware capabilities and purposes. Analysis includes the use of specialized systems and tools, including dissemblers, debuggers, hex editors, unpackers, virtual machines, and those for network traffic analysis. Key Responsibilities Analyze malicious events and campaigns to determine attack vectors and retrieve malware payloads. Reverse engineer files suspected or known to belong to identified malware families to determine their command-and-control (C2) infrastructure and targeting. Incorporate analysis results into detailed reporting to include purpose, behavior, C2 server infrastructure, and mitigation techniques related to analyzed malware families, malicious campaigns, and events. Track prevailing malware families, including downloaders, banking Trojans, information stealers, ransomware, and remote access Trojans. Reverse engineer recently discovered malware variants to check potential feature augmentation or configuration structure changes. Improve existing tools that extract known malware family configurations based on reverse engineering results. Research the latest malware detection evasion techniques, such as use of customized packers, customized crypters, fully undetectable (FUD) techniques, host intrusion prevention system (HIPS) bypassing, and anti-virus (AV) software bypassing. Based on research, design and develop generic unpacking methods and tools for use as standalone tools or within automated analysis systems and sandboxes. Provide customer support by responding to requests related to suspicious file analysis that sometimes require malware reverse engineering and determination of contextual information surrounding indicators of compromise; do so by providing detailed analysis reports and mitigation recommendations. Provide customer support by responding to cybersecurity requests, including those for: open-source intelligence (OSINT) research; domain, IP address, or URL analysis; malicious campaign information; and/or event attribution. Provide answers to specific questions, the answers of which clients use for operational mentorship to aid their strategies. Design, develop, and implement Windows kernel modules to support automated malware analysis; such modules include kernel system service filtering modules able to intercept operating system services on 32-bit and 64-bit Windows operating systems without triggering those systems' self-protection mechanisms, and kernel-mode modules able to force designated processes to load specific modules that load decoders designed for extracting malware configurations. Design, develop, and implement generic unpackers that combat widely used malware packing methods to retrieve malicious payloads from packed malware samples automatically. Create detection rules and signatures for detecting malware families, and provide detection or blocking recommendations. Develop decoders to extract malware configurations-including basic C2 settings or secondary dynamic configurations, such as those outlining targeted institutions and web injects-based on reverse engineering results. Provide junior engineers with technical training, including: training on malware analysis; reverse engineering; Windows internals; and development, identification, unpacking, and de-obfuscation of malicious code. Travel occasionally as this position may require doing so to address client needs, improve results, or otherwise support projects. Basic Qualifications Bachelor's Degree in Computer Forensics, Science, Engineering, Information Systems, or another related security field, or comparable experience. Experience with malware analysis, reverse engineering, and development. Ability to write, understand, and/or analyze code in programming and scripting languages, including Assembly x86/x64, C, C++, Python, JavaScript, Java, PHP, and HTML. Basic knowledge of and experience with malware packers, crypters, and obfuscation techniques. Understanding of operating system internals and the Windows API. Experience with debuggers, decompilers, and network traffic analysis tools. Development experience in Assembly, Python, C, or C++. Strong understanding of the intelligence lifecycle and associated analytic methodologies (Cyber Kill Chain, Diamond Model, ATT&CK, etc.). Practical understanding of malware analysis and/or reverse engineering, and the ability to develop malware detection signatures (e.g. YARA). Required Skills Ability to analyze and unpack obfuscated code. Strong written and verbal skills; can communicate complex concepts at a high level while retaining accuracy and highlighting features in a way that improves audience engagement. Strong problem solving and critical thinking capabilities. Desired Skills Two or more years of experience in malware analysis, reverse engineering, and development fields. Deep understanding of operating system internals and the Windows API. Ability to work with a high degree of independence. Ability to collaborate in a team environment to focus on a common goal. Show more Show less Qualifications What's in it for you At Accenture in addition to a competitive basic salary, you will alsohave an extensive benefits package which includes 25days' vacation per year, gym subsidy, private medical insurance and 3 extra days leave per year for charitable work of your choice! About Accenture Accenture is a leading global professional services company, providing a broad range of services in strategy and consulting, interactive, technology and operations, with digital capabilities across all of these services. We combine unmatched experience and specialized capabilities across more than 40 industries - powered by the world's largest network of Advanced Technology and Intelligent Operations centers. With 509,000 people serving clients in more than 120 countries, Accenture brings continuous innovation to help clients improve their performance and create lasting value across their enterprises. Visit us at Accenture is an equal opportunities employer and encourages applications from all sections of society and does not discriminate on grounds of race, religion or belief, ethnic or national origin, disability, age, citizenship, marital, domestic or civil partnership status, sexual orientation, or gender identity, or any other basis as protected by applicable law. Closing Date for Applications: 30/10/2022 Accenture reserves the right to close the role prior to this date should a suitable applicant be found.
