Security Consultant MDR
Security Consultant MDR
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
Not Disclosed
Salary Not Disclosed
1 Vacancy
Job Description
Job Description
Security Consultant - MDR
This company is an Industry Leader in Cybersecurity services and solutions. They are also CREST Accredited for the provision of Penetration Testing (Pentest) services.
This is a technical lead position inside the Managed Detection & Response this role you will lead intricate investigations working directly with customers to assist them in investigating and responding to security incidents. As a senior team member you will mentor less experienced analysts and drive continuous improvement in our detection and response capabilities. This position requires a strong foundation in cybersecurity operations a deep understanding of various security solutions commonly deployed in enterprise environments (such as SIEM and XDR) and the ability to train others and develop complex processes and procedures to increase service efficiency.
Responsibilities:
- Lead triage and full lifecycle investigation of high-severity security incidents (endpoint network cloud).
- Coordinate responders perform containment/remediation decisions drive post-incident RCA and lessons learned.
- Design implement test and tune detections across EDR NDR SIEM and cloud logs; map detections to MITRE ATT&CK.
- Create and maintain playbooks / runbooks and SOAR automations to reduce MTTR and analyst load.
- Develop and maintain detection coverage metrics and SLAs; own escalations and communication with customers for incidents.
- Mentor and train Tier 1/2 analysts; conduct quality reviews of investigations and escalate when appropriate.
- Contribute to the development documentation analysis testing and modification of threat detection systems and playbooks.
- Provide feedback on gaps or improvements needed in processes documentation or technology.
- Maintain an up-to-date knowledge of threat actor techniques and tools and share insights and best practices with the broader team championing a culture of continuous learning.
Requirements:
- 5 years of experience in cybersecurity operations (monitoring detection investigation and incident response).
- Strong endpoint OS (Windows Linux macOS) and networking knowledge including ability to read logs parse artifacts and interpret network flows.
- Scripting and automation such as Python PowerShell Bash and ability to author detection queries and automate tasks.
- Familiarity with malware analysis concepts (static/dynamic) YARA and reverse-engineering basics.
- Understanding of identity & access compromise lateral movement persistence mechanisms and enterprise attack surfaces.
- Expertise with various log sources such as Office365 Azure Entra SharePoint OneDrive Exchange Online Windows Active Directory Windows Event Logs Syslog DNS VPN and the ability to interpret and analyze these logs for anomalies and security incidents.
- Expertise with various log sources such as Office365 Azure Entra SharePoint OneDrive Exchange Online Windows Active Directory Windows Event Logs Syslog DNS VPN and the ability to interpret and analyze these logs for anomalies and security incidents.
- Excellent written and verbal communication; experience producing incident reports and presenting to technical and executive stakeholders.
Required Experience:
Contract
Employment Type
Full-Time
