Cyber Forensics and Incident Response Consultant

About Us

EY is a global leader in assurance, tax, transactions and advisory services.

The insights and quality services we deliver help build trust and confidence in the capital markets and in economies all over the world. We develop outstanding leaders and teams who deliver on our promises to all of our stakeholders. In doing so, we play a critical role in building a better working world for our people, for our clients and for our communities.

About Cyber Forensics and Incident Response Services

Cyber Forensics and Incident Response is a practice which is part of IT Forensics (ITF) within EY’s Forensic Technology & Discovery Services (FTDS) team. As part of the Fraud Investigation & Dispute Services (FIDS) business unit, this group specializes in forensic technology services encompassing eDiscovery, Forensic Data Analytics and IT Forensic / Cyber Threat investigations. Using state of the art tools, our teams support clients with fraud detection, fraud investigation and compliance management.

The Cyber Forensics and Incident Response practice supports clients in the detection and management of cyber threats detected as part of proactive technical investigations, where clients believe that they have been a victim of a cybercrime or threat. The practice deploys several platforms and methodologies to discover and detect malicious activity within a client’s environment.

Our FTDS lab is equipped with cutting edge forensic technology infrastructure and tools necessary to uncover the data trails of cybercrime. Our offices are open and modern, supporting a culture of flexible working. Our people values promote inclusiveness, development and engagement.

Skills and experience requirements:

We are looking for a Consultant to join our Forensic Technology & Discovery Services (FTDS) - Cyber Forensics and Incident Response team with the following qualifications:

• Bachelor or Master level degree in Computer Engineering, Electronic Engineering or a related field.
• Experience with Digital Forensics & Incident Response (DFIR) or Cyber Security Operations Center (CSOC) projects.
• Deep understanding of both Windows and Unix/Linux based operating systems.
• Understanding common network protocols (TCP/IP, DNS, HTTP, SMTP)
• Good knowledge of cyber threat detection tools, both open source and commercial products.
• Experience with web application security is highly desirable.
• Experience with penetration testing, ethical hacking is a plus.
• Experience with computer forensics applications such as EnCase, FTK, Magnet AXIOM or HELIX is a plus.
• Experience with SIEM tools such as Splunk, IBM QRadar is a plus.
• Experience with reverse engineering, malware analysis is a plus.
• Experience with network forensics is a plus.
• Experience with cyber threat intelligence is a plus.

Knowledge of:

• Attacker tactics, techniques, and procedures (TTPs),
• Common attack vectors,
• Cyber kill chain,
• Vulnerabilities and exploits,

Desirable to have industry cyber security qualifications such as:

• GIAC Certified Forensic Analyst (GCFA),
• GIAC Certified Forensic Examiner (GCFE),
• GIAC Reverse Engineering Malware (GREM),
• GIAC Certified Incident Handler (GCIH),
• GIAC Network Forensic Analyst (GNFA),
• GIAC Cyber Threat Intelligence (GCTI),
• Offensive Security Certified Professional (OSCP).

Job description

• Investigate threat events detected in client environments, using either the client’s or ITF tools.
• Project delivery track record, or evidence of working with a project team.
• Perform incident response activities including log analysis, data collection and preservation on host/network systems.
• Identify and hunt malicious activities then analyze their TTPs and generate IOCs.
• Deliver high quality reports to the client’s management team.
• Support client teams on remote sites, working closely with their own security incident management.
• Support the delivery of long-term cyber threat investigation projects, both on site and remotely.
• Travel to client locations to undertake investigations as deemed necessary.
• Utilize technology to continually learn, share knowledge with team members and develop skills in discovery, cyber and forensic data analytics.
• Good command of spoken and written English.

For further information, and to apply, please visit our website via the “Apply” button below.