Incident Responder - Forensics

Ekco

Dublin

On-site

EUR 70,000 - 90,000

Full time

Today

Job summary

A cloud solution provider in Dublin is seeking a Cyber Incident Responder to lead incident investigations and recovery efforts. The ideal candidate will have extensive experience in incident response, a solid understanding of cybersecurity frameworks, and the ability to work under pressure. This role offers significant responsibility, opportunities for growth, and a competitive benefits package including 25 days of leave and professional development.

Benefits

25 days leave + public holidays
Birthday leave
Company Pension Scheme
Employee Assistance Programme
Unlimited access to Pluralsight

Qualifications

  • 5-6 years of experience in incident response.
  • Strong knowledge of SOC technologies and processes.
  • Experience with network traffic analysis.

Responsibilities

  • Lead crisis efforts during cyber incidents.
  • Design and deliver technical tabletop exercises.
  • Support the Network & Systems teams with escalations.

Skills

Incident response processes
Cyber kill chain understanding
Communication skills
Problem-solving abilities

Education

Relevant certifications (CREST, GIAC, CISSP)

Tools

Magnet Axiom
Velociraptor
EnCase
KAPE

Job description

About Ekco

Founded in 2016, Ekco is now one of the fastest-growing cloud solution providers in Europe!

We specialise in enabling companies to progress along the path of cloud maturity, managing transformation and driving better outcomes from our clients’ existing technology investments.

In a few words, we take businesses to the cloud and back!

We have over 1000 highly talented and supportive colleagues (and counting) across a number of regional offices in the UK, Ireland, Benelux, South Africa & Malaysia.

About the Team

At Ekco, we are expanding our Incident Response teams by moving key roles into a new dedicated practice for Cyber Resilience. A cornerstone of this practice is our Incident Response capability across both Response and Recovery activities. This team works proactively with our customers to help prepare them for the worst and have response plans ready to enact should they suffer an attack. In the event of a crisis, we like to get our technical hands dirty. We dive in side by side with our customers' teams when they are attacked, and we work hard to protect, respond and recover their business.

The role

As a Cyber Incident Responder (Forensic Specialist), you will play a critical role in incident investigations and recovery, focusing on system isolation, restoration and hardening. You’ll be part of a high-performing CIRT Team responsible for supporting clients during and after cyber incidents, ensuring secure and resilient operations.

Incident Response is a demanding and time-intensive role, often likened to emergency services in its urgency and unpredictability. When a cyber crisis occurs, Incident Responders are the first line of defense, mobilized immediately to contain, investigate, and remediate the issue. These moments require extended hours, rapid decision-making, and a high degree of flexibility, often working through nights, weekends, and holidays to restore normal operations.

The intensity of the role peaks during active incidents, where the workload can be relentless and the stakes high. However, this is balanced by periods of recovery and downtime once the immediate threat has been resolved. During these quieter phases, Incident Responders are afforded well-earned time off to recharge, recognizing the toll that crisis response can take.

Key Responsibilities

You will lead crisis efforts during cyber incidents, working on systems in various compromised states to perform the security investigation while also handling containment, including isolating devices, threat hunting and recommending containment controls. You will also support the Network & Systems teams with escalations and contribute to documentation and knowledge sharing. Before and after a crisis, you will contribute to the improvement of our service through better tooling, processes, documentation and knowledge sharing, including performing some proactive functions that enable customers to improve their ability to respond.

Outside of incidents, you will design, prepare, and deliver technical tabletop exercises for diverse customer audiences and work with the team to launch new proactive services designed to ensure resiliency in our customers.

The ideal candidate

This role is well suited to individuals who can rapidly develop a comprehensive understanding of a customer's environment, often in the absence of detailed documentation, and who are capable of identifying and implementing architectural changes in real time in line with our methodologies. They need to be located in Ireland, able to come to an office to workshop with the team as needed, and able to travel nationally and internationally quickly in the event of a crisis.

Key Requirements

  • Minimum of 5-6 years proven experience working within MSSP/professional services incident response
  • Strong expertise and understanding in the configuration, deployment and operation of SOC technologies (SIEM, EDR, SOAR, etc.)
  • In-depth expertise in the analysis of logs, artefacts, security events, IOCs, tactics, techniques and procedures (TTPs)
  • Strong practical knowledge of incident response processes
  • Strong practical knowledge and expertise in conducting both live and dead forensic investigations during complex incident response engagements across diverse technologies and operating systems (Windows, Linux, Unix)
  • Practical experience of IR forensics toolsets – Magnet Axiom, Velociraptor, EnCase, KAPE
  • In-depth computer networking expertise, with the ability to analyse network traffic, identify anomalies, and apply network forensics techniques to support incident detection, containment, and remediation.
  • Deep understanding of the cyber kill chain and cybersecurity frameworks (e.g., MITRE ATT&CK, NIST, CIS) and threat landscapes
  • Proven ability to handle high-pressure situations, lead technical bridge calls, make critical decisions, and manage complex incidents.
  • Excellent communication and interpersonal skills, both verbal and written, to manage stakeholder and client relationships effectively
  • Previous experience of mentoring and developing incident response resources
  • Good problem-solving abilities with a proactive focus on finding innovative and practical solutions.

You’ll also have:

  • Relevant IR certifications such as CREST (CRIA, CCIM), GIAC (GCIH/GCIA/GNFA, GCFA, GREM), CISSP, CISM are highly desirable.
  • Practical experience of IR forensics toolsets – Magnet Axiom, Velociraptor, EnCase, KAPE, etc.
  • Previous experience creating and delivering cyber incident exercises and simulations for client organisations
  • Malware analysis certifications and experience
  • Great troubleshooting, communication and customer experience skills
  • Ability to prioritize work, work under pressure and as a part of a team
  • Eagerness to learn and develop, to help customers and colleagues, and to document environments, processes and policies

Benefits/Perks

  • Time off - 25 days leave + public holidays
  • 1 day birthday leave per year
  • Company Pension Scheme (employer contribution 4%) + flexible salary sacrifice
  • Employee Assistance Programme (EAP) - access to dedicated mental health, emotional wellbeing and general advice
  • EkcOlympics - a global activity for fun!
  • Learning & development - Unlimited access to Pluralsight learning platform
  • A lot of responsibilities & opportunities to grow (also internationally)