Senior Cyber Incident Response and Forensic Analyst
Purpose of the Role
Working as part of the Global Cyber Security Incident Management function within the Chief Information Security Office (CISO), the role will manage delivery of Cyber Incident Response and Forensics services to Aviva markets, supporting regulatory, IT Security best practice, policy and business requirements.
Assume breach. This is now the mindset that cyber security professionals must adopt to deal with persistent and capable adversaries. We need to identify and respond to a breach quickly, contain it and understand what has happened to minimise the impact on the business. Skillful forensic analysis offers the best opportunity to get as close as possible to the truth of what has happened: how did they get in, what did they take and are they still there? This skillful analysis depends on having the people, processes and technologies in place to respond quickly and effectively to breaches.
The Global Cyber Security Incident Management function within GCSO is newly created to ensure that all relevant parts of the Aviva business are activated, informed and work together to respond quickly and effectively to minimise the impact of intrusions. Reporting to the team lead, you will provide incident response and forensic expertise to support this function.
This is an exciting opportunity to work at the forefront of cyber defence operations, delivering GCSO’s and Aviva’s wider mission through reducing the impact of cyber intrusions on our networks. You’ll investigate and perform root cause analysis on intrusions in Aviva’s networks. This is an opportunity to apply deep technical skills as part of a highly motivated wider technical team.
Cyber security is constantly changing and you’ll have an opportunity to inform and influence decisions around the roadmap of our forensic capability.
Duties & Responsibilities
You’ll drive technical response to incidents by performing elements of digital forensics (including disk, volatile memory, network packets, and logfile analysis).
You’ll also lead the scoping and defining of our forensic requirements, as we benchmark our current capability against future requirements. Your subject matter expertise will be crucial in making the best possible choices.
When not responding to incidents, you will help develop our incident response capabilities, including writing and maintaining playbooks, assessing the incident response maturity, and assisting in table-top cyber-scenario exercises.
Skills & Experience required
- Solid understanding of client-server infrastructures, security architectures and related logging and alerting
- Knowledge of TCP/IP networking with the ability to perform deep-dive network forensic analysis
- Solid understanding of file-system analysis including FAT, NTFS, HFS+ and/or EXT2/3/4 and ability to find and extract common disk-based indicators of compromise
- Knowledge of Windows, Linux and/or OS X internals
- Knowledge of and experience in Malware Analysis to a minimum level of behavioural analysis
- Knowledge of and experience in memory analysis
- Ability to report key findings in a clear and concise manner to both technical and senior management audiences
- Experience with a scripting language such as Python, Ruby, PowerShell or Bash is desirable
- Vendor-independent qualification in Incident Response and Forensics such as GIAC or CREST
- Vendor-specific qualification such as AccessData Certified Examiner (ACE) or EnCase Certified Examiner (EnCE)
- BSc in Computer Science or similar
- MSc in Information Security or similar
This is a senior level role with expectations of significant previous experience in incident response and forensics. We’re looking for demonstrable passion for cyber-security, with evidence of self-improvement.
What will I get from this role
- Salary: Competitive, dependent on skills & experience
- Generous defined contribution pension scheme
- Annual performance related bonus and pay review
- Minimum holiday allowance of 25 days plus bank holidays and the option to buy/sell up to 5 additional days
- Up to 30% discount for some Aviva products through “My Aviva Extras” plus discounts for Friends and Family
- Excellent range of flexible benefits to include a matching share save scheme
Bring to Aviva what makes you different and we’ll support you to do the best work of your life. We encourage applications from everyone who wants to help us achieve our purpose of helping our customers to Defy Uncertainty.
One of Aviva’s core values is Care More, and this is brought to life through the flexible ways we like to work. This may include working from home some of the time, or flexible work schedules to accommodate parent and carer responsibilities, further studies and hobbies.
We prefer all applications to be submitted online; however, if you require an alternative method of applying, please contact Alex Stumpo in the Resourcing team at firstname.lastname@example.org