
Level 3 Security Analyst - DFIR and Threat Hunting - UK

United Kingdom - Remote | United Kingdom | Europe

Triskele Labs is an Australian-based cybersecurity consultancy and Managed Security Services Provider (MSSP). Our SOC team is currently expanding into the USA to provide follow-the-sun Digital Forensics and Incident Response (DFIR) and Threat Hunting services for our Australian-based clients.

This role has a strong focus on hunting and responding, as well as on detection engineering to identify threats that are not caught by the security tools we already have in place. The role is the technical lead for the Major Incident Response team and is expected to interface with clients on an ongoing basis.

The Level 3 Security Analyst forms part of the Security Operations team, which is comprised of Level 1 Security Analysts and other Level 3 Security Analysts. When you are not participating in Incident Response engagements, you will be undertaking threat hunts in our client environments using SIEMs, EDRs and open-source tools. The Level 3 Security Analysts also act as the technical escalation point for the Level 1 and 2 team, and directly interact with the dedicated Adversary Simulation / Red Team to form a Purple Team.

You will have prior experience in a SOC team (preferably at an MSSP) or in Digital Forensics and Incident Response roles. Familiarity with EDR tools (e.g. Carbon Black, CrowdStrike, Microsoft Defender) and forensic tools (e.g. Magnet Axiom, KAPE, X-Ways, Volatility, Cellebrite) is required. Experience in reverse engineering malware and in Cyber Threat Intelligence is advantageous.

Requirements

We are looking for someone who has advanced technical knowledge, can work autonomously and can convey technical findings to stakeholders in a non-technical manner. As this is a fully remote role in a different country from all other team members, you will need to work autonomously and keep your wider team informed through handovers and conversations via instant messaging and video conferencing.

The following outlines the typical responsibilities of the role:

  • Lead Digital Forensics and Incident Response engagements. This may require extensive overtime, including late nights, weekends and public holidays.
  • Undertake static and dynamic analysis of malware samples collected during DFIR engagements.
  • Collaborate with the Cyber Threat Intelligence team during DFIR engagements.
  • Develop industry-specific targeted threat hunts based on client industry and size.
  • Conduct ongoing threat hunting in client environments using SIEM, EDR and other tools.
  • Assist in the triage of alerts escalated from Level 1 and Level 2 Security Analysts.
  • Collaborate with the Red Team on Purple Team engagements.
  • Research emerging threats and perform detection engineering, implementing rules and alerts for detections that are not included in security tools.
  • Architect solutions based on open-source SIEM and EDR products.
  • Assist with Cyber Threat Intelligence research and report development.
  • Implement new tools and technologies such as internal malware sandboxes, reverse engineering labs and segregated networks.
  • Document and develop procedures and methodologies as needed.

Benefits

Team culture is everything to Triskele Labs and it is the reason we exist. Our founder set out to create a cybersecurity company that is a place our team loves to work. While this culture is centred on the team in Australia, the pivot to remote working has ensured that we provide it for all team members, on-site or remote. We will continue to strive for excellence in our inclusive team culture through initiatives developed by our People and Culture team. In addition, we provide:

  • Annual Training Budget and Paid Training Leave
  • Paid vacation leave
  • Additional paid leave days - 'Birthday Leave' and 'Doona Day Leave'
  • Paid Parental Leave (up to 12 weeks post 12 months of service)
  • Access to Blue Team Labs Online
  • Continual Learning Scenarios through team knowledge sharing
  • Access to Employee Assistance Program (EAP) for all team members

We are a forward-thinking company, always looking for ways to boost our team culture and ensure we are a destination employer.
