Incident Response Consultant

To apply: Please send a brief cover letter and your resume to

This is an exciting role to suit a passionate and keen cyber security enthusiast. Nettitude has grown into an industry leader within the UK and North America. This role is to deliver both IR engagements and incident response within the services provided by Nettitude. You will be involved in a wide range of activities, from pre-sales to SOC escalations and incidents.
Nettitude provide both first-line IR services and extensive IR consultancy to large organisations where the development and maturity of customers' in-house IR capabilities is needed. Integrating with our own SOC Maturity Model, you will be involved in the delivery of IR maturity reviews, IR assessments and proactive IR simulations and readiness workshops. Nettitude have active involvement in the key bodies that are shaping this maturing area, and this role will require active leadership within this.
Nettitude believe that a solid understanding of real-life attacks is essential in any high-quality Incident Response service. Proven experience with offensive security (penetration testing), as well as detection, networking and endpoint solutions, are all distinct advantages.

Why Nettitude?

We have industry-leading levels of employee retention, and for good reason; we’re the kind of place that no one wants to leave! We push ourselves to the max, so if you’re the kind of person who loves deep technical challenges and a fantastic work environment, we welcome your interest.

  • Work/life balance. No one enjoys doing the same thing week in, week out. For that reason, we have developed internal tools and business processes that guarantee variety and balance.
  • Internal Conferences, or as we like to call them, Clinic days. Eight times per year we block book our consultants’ calendars. We get together, in a red vs blue type experience, conduct competitive Threat Hunts, and debate the latest industry hot topics with an annual NettiCon Conference. An internal conference for all technical teams to learn and share.
  • External Conferences and training. Members of our team regularly attend leading industry conferences.
  • Cutting edge engagements across all industries and geographical locations. From investigating advanced cyber crime to the next ransomware from either our extensive customer base or SOC Customers – we see it all!
  • Nettitude CIRT Team are consummate professionals with decades of experience in military and law enforcement. We are also a member of CREST CSIR and
  • Multiple career progression paths. We do not put people into boxes. The hard ceiling is set only by your ambitions, dedication, and abilities.

About You

  • Working within cyber defence for 3-5 years
  • Have hands-on familiarity with IR toolsets and investigation techniques on both Windows and GNU/Linux Operating Systems
  • Be able to work within the IR and SOC team to lead IR investigations
  • Write post incident reports and deliver findings to client stakeholders
  • Work with the sales team and manage pre sales calls and meetings
  • Experience with enterprise level EDR and SIEM platforms.
  • Collaborative attitude and must be able to co-ordinate with teams across continents
  • Home based flexible working with travel within the UK

Skills and Experience

  • IT Security related degree.
  • Hold, or be able to sit and pass, one of the CREST Incident Response exams within 6 months
  • In-depth knowledge of operating systems – Windows & Linux, firewalls, HIDS/HIPS & IDS/IPS
  • Experience with OSINT and threat intelligence gathering methods
  • Excellent verbal, written and presentation skills

Some Things We Would Love

  • Understand what sophisticated, real-world attacks look like and how to identify TTPs within log data
  • Industry standard information security certification (CISSP, CISM etc)
  • Deliver post event IR assessments and desktop/real life IR simulations at a technical and executive level
  • Be able to guide, influence and provide thought leadership within incident response services
  • Hold a CREST or SANS (or other industry related exam) in Incident Response (CREST Certified Incident Manager, CREST Certified Network or Host Intrusion Analyst, SANS GCIH, etc)
  • Knowledge and experience with proactive threat hunting techniques and procedures
  • Have experience with and knowledge of threat intelligence, honeypots and 3rd party TI feeds
