Technical Lead, Incident Response

ASSOCIATE (TECHNICAL LEAD) INCIDENT RESPONSE SOUTH AFRICA

WHO WE ARE

S-RM is a global intelligence and cyber security consultancy. Since 2005 weve helped some of the most demanding clients in the world solve some of their toughest information security challenges.

Weve been able to do this because of our outstanding people. Were committed to developing sharp curious driven individuals who want to think critically solve complex problems and achieve success.

But we also know that work isnt everything. Its about the lives and careers it helps us build. Were immensely proud of this culture and we invest in our peoples wellbeing learning and ideas every day.

Were excited youre thinking about joining us.

WORKING IN CYBER AT S-RM

Our Cyber Security division is the fastest-growing part of S-RM. The cyber sector is always evolving and our Advisory Ethical Hacking and Incident Response practices are in more demand than ever.

Were building a team to meet this challenge. Were quick to respond innovate and improve. We dont get too hung up on hierarchy or bureaucracy. If your ideas are good enough well empower you to implement them. If youre the best person to talk to a customer youll get that opportunity regardless of the title in your email signature. And when you need a hand your team will always have your back.

We also dont believe theres a typical cyber security professional. Weve built a team of intelligence analysts technical specialists software developers investigators risk managers and more. Youll always find a range of perspectives and expertise to help you learn and grow.

If that sounds like your kind of team wed like to hear from you.

THE ROLE

Our Incident Response Associates are a critical part of our Cyber Security divisions success.

As a Response Associate (Technical Lead) you will deploy your incident response expertise in a senior delivery role across our incident response services.

You will work across the full lifecycle of security incidents to help our clients respond and recover including:

• Leading technical incident response from first contact through to closure: you will be the primary technical resource on response cases deploying your own expertise and offering guidance to colleagues on your project team.
• Overseeing host- and network-based incident response investigations: including triage system recovery technical evidence collection and forensics log malware and root cause analyses.
• Developing and sharing domain expertise: we will support you in growing your cyber expertise including sharing it with the wider team through internal initiatives and programs.
• Participating in an on-call rotation to provide 24X7X365 client incident coverage.

Other features of the role include:

• Variety of casework: no day will be the same. Our team responds to a huge variety of incidents for both public and corporate clients.
• Range of opportunities: you will have opportunities to broaden your security awareness into testing and advisory projects in addition to deepening your incident response expertise.
• Flexible working practices: responding to incidents can be intense high-pressure work. We are mindful of our teams work/life balance and offer flexible working options to support your wellbeing.

WHAT WERE LOOKING FOR

Candidates with the following qualifications and experience are likely to succeed as Incident Response Associates at S-RM.

That said if you dont think you meet all of the criteria below but still are interested in the job please apply. Nobody checks every boxwere looking for candidates that are particularly strong in a few areas and have some interest and capabilities in others.

We nurture a culture of equality diversity and inclusion and we are dedicated to developing a workforce that displays a variety of talents experiences and perspectives.

Were looking for:

• Experience: 5 years experience in a technical cyber security role. Direct experience working in an incident response team is beneficial but not essential.
• Approach: an investigative mindset. You should be comfortable solving problems with limited information and guidance.
• Threat intelligence: some demonstrable knowledge of cyber threat actors and their tactics techniques and procedures.
• Skillset: you should be comfortable using scripting to solve cyber security problems and ideally be able to demonstrate an interest in doing so e.g. through your own research projects or prior experience.
• Communication: you should be able to communicate your technical findings for a non-technical audience in a professional setting.
• Qualifications: relevant industry certifications are not required for this role. However holding any of the following is beneficial: GCFE GCFA EnCE CFSR CISSP GREM CCNA MCFE OSCP Network and Security

The successful candidate must have permission to work inSouth Africaby the start of their employment.

OUR BENEFITS

We offer thoughtful balanced rewards and support to help our people do their best work and live their lives outside it this includes but is not exhaustive of:

• 23 days holiday per year in addition to public holidays (1 day for every year of service up to a maximum of 30 days in total);
• Hybrid working and flexible working hours;
• Matching pension contribution up to 7% (up to a maximum of 14% combined) and financial education;
• Life Insurance 4X annual salary.

Parental Support:

• Fertility treatment leave 5 days of leave per cycle of treatment per year;
• Maternity leave 26 weeks of full pay followed by 13 weeks of half pay;
• Paternity leave 6 weeks of full pay.

Various Health and Medical Benefits including:

• Medical Aid (taxable benefit) for you and your immediate family
• EAP program for you and your immediate family;
• Free access to the world-famous mindfulness app.