Level 3 Security Analyst - DFIR and Threat Hunting - UK
United Kingdom - Remote
Triskele Labs
At Triskele Labs, we work with you to understand your risks, goals, challenges and culture to develop Cyber Security solutions tailored to your business.
Triskele Labs is an Australian-based cybersecurity consultancy and Managed Security Services Provider (MSSP). Our SOC team is currently expanding into the USA to provide follow-the-sun Digital Forensics and Incident Response (DFIR) and Threat Hunting services for our Australian-based clients.
This role will have a big focus on hunt and respond, as well as conducting detection engineering to identify threats not identified by the security tools we have in place. The role will be a technical lead for the Major Incident Response team and expected to interface with clients on an ongoing basis.
The Level 3 Security Analyst forms part of the Security Operations team, which is composed of Level 1 Security Analysts and other Level 3 Security Analysts. When you are not participating in Incident Response engagements, you will be undertaking threat hunts in our client environments using SIEMs, EDRs and Open-Source tools. The Level 3 Security Analysts also act as a technical escalation point for the Level 1 and 2 team. The Level 3 Security Analyst also directly interacts with the dedicated Adversary Simulation / Red Team to form a Purple Team.
You will have prior experience in a SOC team (preferably at an MSSP) or in Digital Forensics and Incident Response roles. Familiarity with EDR tools (e.g. Carbon Black, CrowdStrike, Microsoft Defender) and forensic tools (e.g. Magnet Axiom, KAPE, X-Ways, Volatility, Cellebrite) is required. Experience in reverse engineering malware and Cyber Threat Intelligence is advantageous.
We are looking for someone who has advanced technical knowledge, can work autonomously and can convey technical findings in a non-technical manner to stakeholders. As this is a fully remote role in a different country from all other team members, you will need to work autonomously and keep your wider team informed through handovers and conversations via Instant Messaging and Video Conferencing.
The following outlines the typical responsibilities of the role:
- Lead Digital Forensics and Incident Response engagements. This could include and require extensive overtime, including late nights, weekends and Public Holidays.
- Undertake static and dynamic analysis of malware samples collected from DFIR engagements.
- Collaborate with the Cyber Threat Intelligence Team during DFIR engagements.
- Development of industry-specific targeted Threat Hunts based on client industry and size.
- Ongoing Threat Hunting in client environments using SIEM, EDR and other tools.
- Assistance in the triage of alerts that have been escalated from Level 1 and Level 2 Security Analysts.
- Collaborate with the Red Team for Purple Team engagements.
- Research of emerging threats and detection engineering, implementing rules and alerts for detections that are not included in security tools.
- Architect Open Source SIEM and EDR solutions.
- Assist with Cyber Threat Intelligence research and report development.
- Implement new tools and technologies such as internal malware sandboxes, reverse engineering labs and segregated networks.
- Documentation and development of procedures and methodologies as needed.
Team culture is everything to Triskele Labs and it is the reason we exist. Our founder set out to create a cybersecurity company that is a place our team loves to work. While we focus this culture on the team in Australia, the pivot to remote working has ensured that we provide this for all team members, on-site or remote. We will continue to strive for excellence with our inclusive team culture through initiatives developed by our People and Culture team. In addition, we provide:
- Annual Training Budget and Paid Training Leave
- Paid vacation leave
- Additional paid leave days - 'Birthday Leave' and 'Doona Day Leave'
- Paid Parental Leave (up to 12 weeks post 12 months of service)
- Access to Blue Team Labs Online
- Continual Learning Scenarios through team knowledge sharing
- Access to Employee Assistance Program (EAP) for all team members
We are a forward-thinking company and are always looking for ways to boost our team culture and ensure we are a destination employer.