EMPREGO

Incident Response Identity Consultant - Active

Dell-London, Reino Unido

Secureworks® (NASDAQ: SCWX) is a global cybersecurity leader that protects customer progress with Secureworks® Taegis, a cloud-native security analytics platform built on 20+ years of real-world threat intelligence and research, improving customers’ ability to detect advanced threats, streamline and collaborate on investigations, and automate the right actions.

We enjoy competitive compensation and benefits packages, and reward and recognize our employees for exceptional results. A constant focus on continued learning and growth keeps our team members engaged and excited about “what’s next.” We offer flexible work options when available, and emphasize the importance of work-life balance. We know that when our people are rewarded, recognized, and rejuvenated, we win as a team.

Role Overview:
The Incident Response Identity Consultant will be responsible for communicating, planning, and directing customers in preparation and response to major incidents affecting AzureAD and on-prem AD (Active Directory).

Role Responsibilities:

  • Proactive engagements:

  • Understand customers' exposure to poor identity practices and advise customers on practical steps to improve their security posture.

  • Train customers on how to defend their AD, by demonstrating how AD attacks work.
  • Work with customers to audit existing security controls and practices around identity management with AD/AAD.
  • Be a key stakeholder in customer facing runbooks.
  • Provide SME input to Taegis detector authors in order to develop detectors for identity-based attacks.
  • Share knowledge with wider IR practice regarding identity-based threats in Azure AD and on-prem AD.

  • Emergency engagements:

  • Work with Incident Commanders and other Incident Response Consultants during incident response investigations where identified intrusion activity necessitates AD SME support.

  • Guide customers through the journey of regaining control of their AD after it has been compromised by a threat actor.
  • Advise customers on immediate AD hardening steps that can be taken to maintain control of AD after an eviction effort.
  • Develop architectural recommendations during a cybersecurity incident to improve the resilience of customers' AD.

Requirements:

  • Minimum 5 years Microsoft Active Directory experience
  • Minimum 1 year Microsoft Azure Active Directory experience
  • Willingness to travel up to 10%, including on short notice
  • Willingness to directly work with multiple customers on different engagements in parallel
  • Excellent written and oral communication skills
  • Enjoys explaining complex technical issues to make non-technical audiences understand the "so what?"

Preferences:

  • Consulting experience with large external customers, preferably with large multinational organisations
  • Project management experience working with multiple teams, to include negotiating timelines and project requirements
  • Keen interest in the security aspects of identity
  • Familiarity with collecting and enumerating AD data
  • Experience as systems administrator in an enterprise environment

As members of the disability confident scheme, we guarantee to interview all disabled applicants who meet the minimum criteria for the vacancies and ensure our recruitment process is inclusive and accessible.

Berufsgruppe: Remote

Job ID: R162136