Role Purpose
To lead and conduct complex cyber security incident investigations, providing expert technical analysis, guidance, and strategic advice to customers. This role combines advanced digital forensics, threat analysis, and incident response leadership with consulting, mentoring, and readiness activities that strengthen customer resilience and support Quorum Cyber’s mission to protect organisations from harm.
What I Do Is
* Lead investigations into complex incidents and threats across diverse technologies and environments. This involves working outside of core hours as required.
* Perform advanced host, network, and memory forensics, including Windows, Linux, macOS, and multi-cloud artefact analysis.
* Identify threat actor tools, tactics, and procedures (TTPs).
* Analyse logs, network traffic, disk images, and volatile artefacts to determine attacker intent, actions, timelines, and impact.
* Ensure evidence collection and handling follow best practice, including documentation and chain-of-custody standards.
* Maintain deep situational awareness of emerging threats, malware families, and evolving threat actor behaviours.
* Interact with customer stakeholders, legal teams, technical staff, and executive leadership during incidents.
* Improve internal and customer incident detection, escalation, containment, and response processes.
* Collaborate with the Threat Intelligence team to integrate findings and enrich intelligence outputs.
Consulting, Advisory & Customer Engagement
* Communicate investigative findings, recommendations, and strategic guidance clearly to technical and non-technical audiences.
* Provide consultative advice that links threats to business risks, helping customers make informed risk-management decisions.
* Assist internal and external teams with technical and privacy/security risk mitigation activities.
* Deliver Incident Response Readiness Assessments of customer IR plans, playbooks, and response capability.
* Provide executive and board-level training on cyber security and incident response.
* Facilitate cyber incident tabletop exercises to help customers test and improve their readiness.
Other
* Mentor junior IR team members, providing coaching, technical guidance, and quality assurance.
The Skills I Need Are
Technical Skills
* Advanced forensic analysis across Windows, Linux, macOS, and cloud platforms.
* Memory forensics analysis.
* Network traffic and log analysis, including firewall, endpoint, web, authentication, and cloud telemetry.
* Deep understanding of enterprise security controls (e.g., Active Directory, identity systems, network architectures).
* Proficiency with EDR and SIEM platforms for investigation and threat hunting.
* Experience with Microsoft-aligned security stacks.
* Ability to identify attacker behaviour patterns, extract IOCs, and map findings to threat actor TTPs.
* Experience handling and preserving digital evidence to defensible standards, including chain of custody.
* Experience building scripts, playbooks, or tooling that automate or enhance investigation workflows.
Soft Skills / Behaviours
* Strong written and verbal communication, able to convey complex findings with clarity.
* Customer-centric mindset with an ability to build and maintain strong relationships.
* Ability to think clearly and make sound decisions under pressure.
* Analytical and detail-focused, with a curious and investigative mindset.
* Effective collaboration across teams and disciplines.
* Ability to mentor, influence, and support the development of junior colleagues.
I Know I Have Done A Great Job If
* I lead incident investigations that reach timely, effective, and well-evidenced resolutions.
* Customers express trust and satisfaction following incident handling, reporting, and debrief sessions.
* I deliver impactful readiness assessments, training sessions, and cyber exercises that improve customer resilience.
* I mentor junior team members and help raise the capability of the entire IR function.
* I actively improve methodologies, tooling, and processes that elevate Quorum Cyber’s overall IR maturity.
Other Information
You will get an excellent salary, with world-class benefits. As we are a leading-edge technology company, you will have access to the latest technology and an environment that will encourage and nurture your curiosity. We are passionate about your development, and you will be empowered to advance your skills and expertise.
Our Commitment to Equality & Diversity
Our diversity is a huge part of our success, and collecting data during the hiring process helps us understand how to keep strengthening and supporting that diversity. We are an equal opportunity employer and are committed to fostering an inclusive, accessible, and equitable workplace where all qualified applicants receive fair consideration. We do not discriminate on the basis of race, national or ethnic origin, colour, religion, age, sex, sexual orientation, gender identity or expression, marital status, family status, disability, or any other characteristic protected under applicable law.
The information requested below is collected to help us meet our employment equity and reporting obligations, and to support our ongoing diversity and inclusion initiatives. Providing this information is entirely voluntary. It will not be shared with hiring managers and will not be used in any hiring decision. Declining to provide this information will not affect your application in any way.