Control Risks: Senior Consultant, Cyber Incident Response – Washington

The Senior Consultant is responsible for delivering Incident Response support to our clients by helping them investigate and remediate the impacts of cyber attacks quickly and comprehensively. This role will report to the Associate Director of Cyber Response and work closely with the Cyber Crisis Management team. The successful candidate will have a strong technical skill set and a deep understanding of current and emerging threat actors.

Role tasks and responsibilities

Incident response

• Overseeing cloud, host and network based investigations.
• Ownership of the lifecycle of a cyber incident including identification, containment, eradication and recovery.
• Define and execute investigative strategies to meet our clients needs including guiding more junior members of the team to help implement this strategy.
• Lead technical scoping engagement, triage priorities, and recovery strategy for affected systems.
• Perform log analysis from a variety of sources (e.g., individual host logs, network traffic logs) to identify threats.
• Undertake evidence acquisition on a variety of assets and lead the investigation, identify the root cause / overall impact caused by the threat.
• Advise our clients on how to eradicate the threats and rebuild securely utilizing the findings from your investigation.
• Threat hunting using endpoint tooling and findings from your investigation to evaluate an attacker’s spread through a system and network, anticipating and thwarting further attacker activity.
• Perform live compromise assessments for organizations who suspect a compromise.
• Detect and hunt unknown live, dormant, and custom malware in memory across multiple systems in an enterprise environment.
• Demonstrate a deep understanding of both existing and emerging threat actors, as well as experience identifying rapidly changing tools, tactics and procedures of attackers.
• Advise on the safe technical recovery of an organizations IT systems balancing the need to understand what has happened but speed up recovery.
• This role has a requirement to be on call.

Client Management

• To support with client relationship management facilitating where appropriate introduction and provision of additional technical Control Risks services.
• Working closely with Cyber Response Management to ensure a cohesive go-to-market approach.
• Ensure tooling and automation developed is customer friendly to deploy and use. Be responsible for any customer queries that arise from the use of the technology and automation.

Reporting

• Provide situation reports and other significant case related material to the client and the Director of Cyber Response.
• Provide documentation to the relevant consultants in sufficient time to allow review and feedback, before submitting to a client.
• Report on the performance of the Technical Cyber Response work and forecast technical and resource requirements in the near and long term.
• Ensure the output of tooling and automation is easily readable and presentable both during cases in situation reports but also within formal end of case reports.

Supporting the growth of the Cyber Response practice

• Supporting the development of an ever-improving global technology stack to more rapidly and effectively respond to client incidents.
• Refining Control Risks’ cyber response methodologies and approaches and tailoring the approach in changing market conditions.
• Identifying potential new areas of growth and opportunity.