Incident Response

Location: Greater London
Job Type: Full Time

Become part of the team

We believe in the power of ingenuity to build a positive human future in a technology-driven world. As strategies, technologies and innovation collide, we create opportunity from complexity. Our diverse teams of experts combine innovative thinking and breakthrough technologies to progress further, faster. Our clients adapt and transform, and together we achieve enduring results.

PA has a deeply experienced and capable cyber security practice who work with clients ranging from central national governments through to leading global companies. As part of PA you will be joining a team who align tightly into our industry teams to provide our clients with valuable market insight. We believe that one size does not fit all so take pride in building tailored solutions for our clients.

What we're looking for

PA Consulting is in search of a creative and driven Cyber Incident Response consultant to join our growing incident response team. We are seeking an experienced Incident Response consultant with a real passion for information security and security operations to provide exceptional incident response for our clients in this hands-on role.
In addition to security operations, you will also apply your technical expertise to help develop our incident response service line by developing and delivering innovative processes, tools and techniques. In line with our passion for innovation and creativity you will also help us push the boundaries of thinking around cyber security and develop our IR capability and thought leadership. As such we highly value inquisitiveness and ingenuity to help us and our clients.

Key Responsibilities
- Assist in first responder activities remotely and on client premises to contain cyber security incidents for our clients under direction of the IR Team Lead.
- Perform further incident response, investigations and containment activities across cloud based and on premises Linux/Unix, Windows and Mac estates.
- Collect and analyse intrusion detection system alerts, firewall logs, network traffic logs and host system logs.
- Perform forensic artifact acquisition and analysis of disks, volatile memory and other devices as required.
- Perform static / black box malware analysis.
- Research and develop new IR tools and techniques based upon open source principles.
- Maintain cyber situational awareness for advising clients on the current threat landscape and the near threat horizon.
- Perform client incident response capability maturity assessments.
- Develop clients’ own incident response capabilities through advisory and consultative projects.
- Deliver written and oral client communications in the form of presentations and reports.

Essential Skills

- Recognised qualifications or experience in Computer Science / Information Security.
- Experience in at least one relevant programming language.
- Proven understanding of the Cyber Kill Chain, MITRE ATT&CK and other information security defense and intelligence frameworks.
- Strong understanding of enterprise grade technical security controls and defense in depth practices.
- One or more of the following:
  - Certified Incident Manager (CCIM)
  - Certified Incident Handler (GCIH)
  - Certified Registered Intrusion Analyst (CRIA)
  - Certified Network Intrusion Analyst (CCNIA)
  - Certified Host Intrusion Analyst (CCHIA)
  - Certified Malware Reverse Engineer (CCMRE)
  - Certified (Network) Forensic Analyst (GCFA, GNFA)

Desired Experience
- Experience in incident handling, threat hunting, threat intelligence.
- Previous exposure to enterprise scale infrastructure and technology stacks.
- Experience in analysing pcap captures and netflow logs from monitoring devices, typically FireEye, Wireshark, Snort and NetWitness.
- Analyst experience applying Carbon Black, Mandiant MIR, CrowdStrike Falcon, FTK or EnCase Cybersecurity or other relevant tools.
- Experience of collecting logs from and utilising HIDS, IDS/IPS systems, SIEMs, AD controllers and firewalls
- Ability to correlate events from various sources to create incident timelines.
- Experience in blue / purple team engagements
- Experience in cloud-based infrastructure including Microsoft Azure; Office 365; Amazon AWS and Google Cloud


  • Private medical insurance
  • Interest free season ticket loan
  • 25 days annual leave with the opportunity to buy 5 additional days
  • Company pension scheme
  • Annual performance-based bonus
  • Life and Income protection insurance
  • Tax efficient benefits (cycle to work, give as you earn)
  • Additional optional benefits (Dental, critical illness, spouse/partner life assurance)

About us

We’re an innovation and transformation consultancy that believes in the power of ingenuity to build a positive human future in a technology-driven world. Our diverse teams of experts combine innovative thinking with breakthrough technologies to progress further, faster.

With a global network of FTSE 100 and Fortune 500 clients, we’ll offer you unrivalled opportunities for growth and the freedom to excel. Combining strategies, technologies and innovation, we create opportunity from complexity and deliver enduring results, enabling you to build a lasting career.

Diversity Statement

We believe that diversity makes us a stronger firm and look to employ people with different ideas, styles and skillsets. This diversity stimulates a rich, creative environment – one in which our people develop, and our clients enjoy enduring results. We’re committed to recruiting, promoting and rewarding our people solely based on their ability to contribute to PA’s goals, without regard to their sex, race, disability, religion, national origin, ethnicity, sexual orientation, age or marital status.

We welcome international applications, but we are unable to offer sponsorship for work permits, so you will need to have the full right to live and work in the UK. Unfortunately, your application will be automatically rejected if you do not have these rights.