Level 3 Security Analyst - DFIR and Threat Hunting - UK

United Kingdom - Remote

Triskele Labs

At Triskele Labs, we work with you to understand your risks, goals, challenges and culture to develop Cyber Security solutions tailored to your business.

Triskele Labs are an Australian-based cybersecurity consultancy and Managed Security Services Provider (MSSP). Our SOC team is currently expanding into the USA to provide follow-the-sun Digital Forensics and Incident Response (DFIR) and Threat Hunting services for our Australian-based clients.

This role will have a big focus on hunt and respond, as well as conducting detection engineering to identify threats not identified by the security tools we have in place. The role will be a technical lead for the Major Incident Response team and expected to interface with clients on an ongoing basis.

The Level 3 Security Analyst forms part of the Security Operations team that is comprised of Level 1 Security Analysts and other Level 3 Security Analysts. When you are not participating in Incident Response engagements, you will be undertaking threat hunts in our client environment using SIEMs, EDRs and Open-Source tools. The Level 3 Security Analysts also act as a technical escalation point for the Level 1 and 2 team. The Level 3 Security Analyst also directly interacts with the dedicated Adversary Simulation / Red Team to form a Purple team.

You will have prior experience in a SOC team (preferably at an MSSP) or in Digital Forensics and Incident Response roles. Familiarity with EDR tools (e.g. Carbon Black, CrowdStrike, Microsoft Defender) and forensic tools (e.g. Magnet Axiom, KAPE, X-Ways, Volatility, Cellebrite) is required. Experience in reverse engineering malware and Cyber Threat Intelligence is advantageous.


We are looking for someone who has advanced technical knowledge, can work autonomously and can convey technical findings in a non-technical manner to stakeholders. As a fully remote role in a different country than all other team members, you will be able to work autonomously and have the ability to keep your wider team informed through handovers and conversations via Instant Messaging and Video Conferencing.

The following outlines the typical responsibilities of the role:

  • Lead Digital Forensic and Incident Response engagements. This could require extensive overtime, including late nights, weekends, and Public Holidays.
  • Undertake static and dynamic analysis of malware samples collected from DFIR engagements.
  • Collaborate with the Cyber Threat Intelligence Team during DFIR engagements.
  • Development of industry-specific targeted Threat Hunts based on client industry and size.
  • Ongoing Threat Hunting in client environments using SIEM, EDR and other tools.
  • Assistance in the triage of alerts that have been escalated from Level 1 and Level 2 Security Analysts.
  • Collaborate with the Red Team for Purple Team engagements.
  • Research of emerging threats and detection engineering, implementing rules and alerts for detections that are not included in security tools.
  • Architect Open Source SIEM and EDR solutions.
  • Assist with Cyber Threat Intelligence research and report development.
  • Implement new tools and technologies such as internal malware sandboxes, reverse engineering labs and segregated networks.
  • Documentation and development of procedures and methodologies as needed.


Team culture is everything to Triskele Labs and it is the reason we exist. Our founder set out to create a cybersecurity company that is a place our team love to work. While we focus this culture on the team in Australia, the pivot to remote working has ensured that we provide this for all team members, on-site or remote. We will continue to strive for excellence with our inclusive team culture through initiatives developed by our People and Culture team. In addition, we provide:

  • Annual Training Budget and Paid Training Leave
  • Paid vacation leave
  • Additional paid leave days - 'Birthday Leave' and 'Doona Day Leave'
  • Paid Parental Leave (up to 12 weeks post 12 months of service)
  • Access to Blue Team Labs Online
  • Continual Learning Scenarios through team knowledge sharing
  • Access to Employee Assistance Program (EAP) for all team members

We are a forward-thinking company and always looking for ways to boost our team culture and ensure we are a destination employer.

Tags: Blue team EDR Forensics Incident response Malware Open Source Red team Reverse engineering SIEM Threat intelligence

Perks/benefits: Career development Parental leave

Regions: Remote/Anywhere Europe
Country: United Kingdom