Digital Forensics and Incident Response Analyst
hackajob is collaborating with Admiral Group Plc to connect them with exceptional tech professionals for this role.
About The Job
The Digital Forensics and Incident Response Analyst role will sit within our Security Operations Department. This is a hands‑on technical role.
We are looking for someone with a technical background and experience in incident response with an emphasis on cloud response. Someone with excellent documentation skills who is a team player, working closely with their peers. This person will be part of the main escalation point for our SOC and an active member of purple team activities.
The right candidate will be able to work alongside senior stakeholders across the business and represent security operations with the technology risk teams. When not responding to and managing incidents, you will be expected to take part in threat hunting, supporting other investigations and driving post‑incident review activities. The candidate will also support other initiatives such as constant reviews of processes and procedures, developing new playbooks, running business‑wide tabletop sessions (including extinction‑level attacks) and assessing our overall digital forensic and incident response maturity levels.
Being able to distil technical information to non‑technical members of Admiral is important. The successful candidate should not be afraid to question what is being presented to them, constantly searching for answers to “why” something has happened and persisting through resolution to learn as a business.
Essential Skills
* 2+ years of experience conducting incident response and forensic investigations.
* Experience with incidents in the cloud (Azure and/or GCP).
* Hands‑on experience with proxies, load balancers, virtual machines, containers, and/or serverless technologies.
* Experience with cloud‑native security capabilities and features (e.g., GuardDuty, Sentinel, CloudTrail etc.), common enterprise security tools (SIEM, EDR, etc) and cloud‑specific security tools.
* Proficient use of Linux, MacOS, and Windows Operating System tools (such as curl, wget, nslookup, etc).
* Practical programming knowledge or experience in writing scripts in Python, PowerShell, Java, etc.
* Broad understanding of networking and common enterprise technologies.
* A demonstrable understanding of the Cyber Kill Chain, MITRE ATT&CK and other information security defence and intelligence frameworks.
* Ability to support business objectives, work with cross‑functional teams and support third‑party responses.
While you may not have all the relevant experience above, if you are proactive and eager to learn we would love to hear from you!
Benefits
We take pride in being a diverse and inclusive business. It's a place where you can Be You, and show up as you are. We’re committed to fostering a people‑first culture where everyone is accepted, supported, and empowered to be brilliant. You can grow and progress at a pace and direction that suits you, make a difference for our customers and each other, and share in our future with all colleagues eligible for up to £3,600 of free shares each year after one year of service.
Everyone receives 33 days holiday (including bank holidays) when they join us, increasing the longer you stay with us, up to a maximum of 38 days (including bank holidays). You also have the option to buy or sell up to an additional five days of annual leave.
We’re proud of our people‑first culture. In fact, we've been recognised as a Great Place to Work for Women, a Great Place to Work for Wellbeing, and an overall Great Place to Work for over 25 years! We’re fully committed to making sure your progression is not slowed or halted by barriers related to race, gender, age, sexuality or any of the protected characteristics.
Our fantastic benefits make sure our colleagues have a great work‑life balance; You can view some of our other key benefits here.
#J-18808-Ljbffr