About Us
Outbreach provides specialist Cyber Incident Response and Crisis Management services to our midsize clients spread across the world.
With offices in London, Dubai, and New York, we are different to most other security companies in that we assume our clients will experience a security breach, and we are here to help them recover as quickly as possible with as little damage or cost to their business as possible.
Outbreach brings together specialists across IT, Digital Forensics, Law, Public Relations, Communications and Operations Resilience to provide a single, trustworthy, and dependable partner to our clients that is available 24x7.
We are now recruiting for ‘bench’ staff to work on an ad-hoc basis for the company as consultants that can be called on to supplement our permanent teams when our clients experience incidents and engage Outbreach.
Role Description
The Incident Responder (IR) is the main person responsible for the technical operational tasks necessary to provide our clients with a high quality, rapid and comprehensive response to a breach. They will be at the forefront of all incidents and absolutely critical to the successful resolution. They will be intimately familiar with a wide variety of attacks from Ransomware to BEC, insider threat and DDoS to name just a few examples.
The IR will be expected to work closely with Incident Managers and feed information to/from specialists in other areas of the incident response such as forensic, legal or PR.
The IR will be able to handle pressure, multiple conflicting demands, and possibly chaotic environments with limited knowledge of the company or the crisis. They will be expected to help bring order to the incident and contribute to the swift attainment of the client's objectives.
Key Responsibilities
- First and foremost, this role is responsible for leading the restoration of our client’s IT systems after a cyber-attack.
- Working with the Incident Manager to help triage an initial call.
- Assess the state of the IT systems, report on the damage incurred and any other exposure.
- Implement temporary infrastructure to sustain key business operations during the incident.
- Collect and analyse intrusion artefacts such as logs, source code, malware etc.
- Conduct a root cause analysis to determine how the attack happened, any lateral movement or infection.
- Fully ‘clean’ and remove any residual infection, malware or other damage caused by the attacker.
- Ensure that vulnerabilities are remediated to prevent future reinfection by the same or similar method.
- Collaborate with Forensic, Legal, PR, Comms and 3rd parties to ensure a comprehensive response.
- Monitor external sources to determine threats, evidence of breaches and breach impact.
- Document response activities, findings and recommendations.
Non-Incident Response / Crisis Management Responsibilities
- Engage with proactive audit and investigations to plan for a breach.
- Conduct threat hunting and other pre-breach or breach-confirmation operations.
- Help to refine and improve playbooks, runbooks, and overall response methodology.
Skills & Experience
- 3+ years as a cyber incident responder.
- 5+ years in a technical support or engineering role (or demonstrable advanced technology knowledge).
- Strong knowledge of operational security across multiple platforms and all major cloud providers.
- Certifications such as GCIH, GCIA or GCFA/E.
- Huge passion for cyber security demonstrated by research, testing or other activities.
- Advanced knowledge of the MITRE ATT&CK framework and common TTPs.
- Extensive experience with Business Continuity and Disaster Recovery.
- Incredibly methodical and attentive to the smallest of details.
- Strong communication skills, and presentable to clients and senior executives.
Highly Desirable but not Vital
- Experience gained from a consultancy or highly regulated organisation.
- Experience working in a 24x7 operation.
- Previous experience as a SOC analyst or in a Red Team.
- Risk and Compliance practices.
- Working knowledge of Public Relations, Communications, Marketing and Law.
- Experience within high-pace, high-pressure environments and a desire to work in incident and crisis management.
- Security Clearance.
Commitment
As a ‘bench’ Incident Responder you will be called whenever a suitable incident is raised by our clients that matches your skill and experience level.
There is no expectation for you to remain on call or for you to accept any incident when you are not available. However, once you commit to an incident you will become a key member of the response team and will be expected to remain engaged for the duration of the incident. At the least this would be for 1 day, but in most cases will likely be for 2-4 weeks.
Full training and support will be provided to successful candidates, who will be expected to attend regular (paid) meetings to ensure they are familiar with the company, its methodologies and its market.
Pay & Benefits
- Hybrid working with much of your work being done where you please.
- Flexible hours that can be scaled up or down as suits you.
- Working in an expanding Cyber Security business where you can grow in your career and where you can help shape the business.
- Training and development budget aligned to formal relevant qualifications.
- Hourly pay equivalent to over AED550,000pa, with a significant increase for unsociable hours if needed.
- Eligible for company stock options (subject to minimum hours).