Senior Systems Engineer – cyber security response team at Context Information Security (Cheltenham, UK)

Context’s Response Engineering Team are looking for a senior systems engineer to join and support the wider Response department by helping to develop and maintain our core technical capabilities.

What does the Response team do?

Context’s Response Team is regularly involved in Network Compromise Assessments and Incident Response Engagements involving large, complicated environments targeted by very capable malicious actors. The Response Team monitor live networks and investigate previous compromises to understand how an attack unfolded and provide information to the client as to what systems were accessed, what data was stolen, and how to minimise the chances of such attacks in the future.

This position is based in our Cheltenham office.

The Role

  • Gaining an appreciation for how the Response toolsets are used with a view to continually improving service to users
  • Working with customers to deploy necessary endpoint and networking monitoring tools in the initial stages of an engagement
  • Ensuring the effective running of existing systems, which includes regular maintenance and compliance with necessary regulations
  • Supporting client engagements
  • Maintaining and improving technical services and capabilities

This list is not intended to be exhaustive and the incumbent will be expected to take on additional responsibilities as directed by their Line Manager or as dictated by the business needs of the company. Engineers in this area are often required to help support consultants by providing technical support on conference calls and occasionally onsite.

Person Specification

  • Comprehensive knowledge of Linux administration and application debugging techniques
  • Comprehensive knowledge of at least one scripting language
  • Comprehensive knowledge of common network protocols such as TCP/IP, HTTP, DNS, TLS
  • Good knowledge of network administration (especially Cisco, Arista, and Palo Alto equipment)
  • Good knowledge of Windows environments
  • Good knowledge of current and past Information Security threats
  • Good knowledge of IDS principles, their purpose, and an understanding of how they work
  • Good knowledge of SQL database administration
  • Good knowledge of VMWare administration and architecture
  • Experience troubleshooting and providing feedback on in-house and third-party provided tools
  • Exceptional problem-solving abilities, analysis and communication skills
  • Prior experience with the following toolsets and services is desired, but not strictly required:
      • Log analysis frameworks (e.g. ELK, Splunk, LogRhythm)
      • Packet capture solutions (e.g. RSA NetWitness, Wireshark, tcpdump)
      • IDS solutions (e.g. Firepower, Suricata)
      • Endpoint monitoring solutions (e.g. Carbon Black, Falcon)
      • Digital forensics (e.g. Encase, X-Ways)

The successful candidate will be expected to work with a wide and evolving range of technologies, and as such the most important aspect for a candidate is their willingness to learn and adapt to new technologies. As a guide, the list above sets out the experience Context expects of the successful candidate, and key technologies where experience would be a significant advantage.