Security Consultant - MDR

PentagonPlus

Kuala Lumpur

On-site

MYR 100,000 - 150,000

Full time

14 days ago

Job summary

A cybersecurity leader based in Kuala Lumpur is seeking a Security Consultant - MDR to lead investigations and respond to security incidents. In this senior role, you will mentor junior analysts and improve detection capabilities. Candidates should have over 5 years of experience in cybersecurity and strong skills in incident response and automation. This position offers the chance to work with a top-tier cybersecurity team.

Qualifications

  • 5+ years of experience in cybersecurity operations.
  • Strong knowledge of endpoint and network systems.
  • Ability to read logs and interpret network flows.

Responsibilities

  • Lead triage and full lifecycle investigation of security incidents.
  • Coordinate responders and make remediation decisions.
  • Mentor and train junior analysts.

Skills

Cybersecurity operations
Incident response
Scripting (Python, PowerShell, Bash)
Malware analysis concepts
Communication skills

Tools

SIEM
EDR
XDR

Job description

Overview

Security Consultant - MDR

This company is an industry leader in cybersecurity services and solutions, and is CREST accredited for the provision of penetration testing (pentest) services.

This is a technical lead position inside the Managed Detection & Response service. In this role, you will lead complex investigations, working directly with customers to help them investigate and respond to security incidents. As a senior team member, you will mentor less experienced analysts and drive continuous improvement in our detection and response capabilities. This position requires a strong foundation in cybersecurity operations, a deep understanding of the security solutions commonly deployed in enterprise environments (such as SIEM and XDR), and the ability to train others and develop complex processes and procedures that increase service efficiency.

Responsibilities

  • Lead triage and full lifecycle investigation of high-severity security incidents (endpoint, network, cloud).
  • Coordinate responders, make containment and remediation decisions, and drive post-incident root cause analysis (RCA) and lessons learned.
  • Design, implement, test and tune detections across EDR, NDR, SIEM, and cloud logs; map detections to MITRE ATT&CK.
  • Create and maintain playbooks / runbooks and SOAR automations to reduce MTTR and analyst load.
  • Develop and maintain detection coverage metrics and SLAs; own escalations and communication with customers for incidents.
  • Mentor and train Tier 1/2 analysts; conduct quality reviews of investigations and escalate when appropriate.
  • Contribute to the development, documentation, analysis, testing, and modification of threat detection systems and playbooks.
  • Provide feedback on gaps or improvements needed in processes, documentation, or technology.
  • Maintain an up-to-date knowledge of threat actor techniques and tools and share insights and best practices with the broader team, championing a culture of continuous learning.
Requirements

  • 5+ years of experience in cybersecurity operations (monitoring, detection, investigation, and incident response).
  • Strong endpoint, OS (Windows, Linux, macOS), and networking knowledge including ability to read logs, parse artifacts, and interpret network flows.
  • Scripting and automation skills (Python, PowerShell, Bash), including the ability to author detection queries and automate routine tasks.
  • Familiarity with malware analysis concepts (static/dynamic), YARA, and reverse-engineering basics.
  • Understanding of identity & access compromise, lateral movement, persistence mechanisms, and enterprise attack surfaces.
  • Expertise with various log sources, such as Office365, Azure, Entra, SharePoint, OneDrive, Exchange Online, Windows Active Directory, Windows Event Logs, Syslog, DNS, VPN, and the ability to interpret and analyze these logs for anomalies and security incidents.
  • Excellent written and verbal communication; experience producing incident reports and presenting to technical and executive stakeholders.
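The responsibilities and requirements above ask for the ability to author detections over Windows Event Logs and Entra sign-in data and to map them to MITRE ATT&CK. As an added illustration of that skill (example code written for this page, not the employer's tooling or detection content), the block below runs two simple detections over constructed sample events: a password spray (many accounts failing from one source IP, tagged T1110.003) and lateral movement (one account making network logons to many hosts, tagged T1021). The event dictionaries, IP addresses, hostnames and user names are all synthetic; the field names follow the Windows Security log (EventID 4624/4625, LogonType 3) and Entra sign-in schema (resultType 50126 for a bad password), and the thresholds are arbitrary choices for the demonstration.

```python
"""Added example, not part of the job posting: minimal detection logic over
constructed Windows Security and Entra ID sign-in events, each alert tagged
with a MITRE ATT&CK technique ID. All log data below is synthetic."""
from collections import defaultdict
import json

# Constructed sample events. Windows 4625 = failed logon, 4624 = successful
# logon; LogonType 3 = network logon. Entra rows mimic the SigninLogs schema
# (userPrincipalName, ipAddress, resultType) but are hand-written here.
WINDOWS_EVENTS = [
    {"EventID": 4625, "TargetUserName": u, "IpAddress": "10.0.0.50", "LogonType": 3}
    for u in ("alice", "bob", "carol", "dave", "erin", "frank")
] + [
    {"EventID": 4624, "TargetUserName": "svc_backup", "IpAddress": "10.0.0.50",
     "LogonType": 3, "Computer": host}
    for host in ("FS01", "FS02", "DC01", "SQL01", "WEB01")
] + [
    # A single network logon: normal activity, should not alert.
    {"EventID": 4624, "TargetUserName": "alice", "IpAddress": "10.0.1.20",
     "LogonType": 3, "Computer": "FS01"},
]

ENTRA_SIGNINS = [
    json.dumps({"userPrincipalName": f"user{i}@contoso.example",
                "ipAddress": "203.0.113.9", "resultType": "50126"})
    for i in range(8)
] + [
    json.dumps({"userPrincipalName": "admin@contoso.example",
                "ipAddress": "198.51.100.4", "resultType": "0"}),
]


def detect_password_spray(events, min_users=5):
    """Many distinct accounts failing from one source IP (ATT&CK T1110.003).
    Accepts Windows 4625 dicts and Entra sign-in rows as JSON strings;
    resultType 50126 is Entra's invalid username or password result."""
    failures = defaultdict(set)
    for e in events:
        if isinstance(e, str):
            e = json.loads(e)
        if e.get("EventID") == 4625:
            failures[e["IpAddress"]].add(e["TargetUserName"])
        elif e.get("resultType") == "50126":
            failures[e["ipAddress"]].add(e["userPrincipalName"])
    return [{"technique": "T1110.003", "source_ip": ip, "accounts": sorted(users)}
            for ip, users in failures.items() if len(users) >= min_users]


def detect_lateral_movement(events, min_hosts=3):
    """One account performing network logons (4624, LogonType 3) to many
    hosts from one source IP (ATT&CK T1021, Remote Services)."""
    hosts = defaultdict(set)
    for e in events:
        if e.get("EventID") == 4624 and e.get("LogonType") == 3:
            hosts[(e["TargetUserName"], e["IpAddress"])].add(e["Computer"])
    return [{"technique": "T1021", "account": acct, "source_ip": ip, "hosts": sorted(h)}
            for (acct, ip), h in hosts.items() if len(h) >= min_hosts]


def run_detections():
    """Run both detections over the constructed data and return the alerts."""
    return (detect_password_spray(WINDOWS_EVENTS + ENTRA_SIGNINS)
            + detect_lateral_movement(WINDOWS_EVENTS))


if __name__ == "__main__":
    for alert in run_detections():
        print(json.dumps(alert))
```

In a real SIEM these two rules would be expressed in the platform's query language and windowed by time; the point here is the shape of the logic a candidate is expected to write, and that each alert carries the technique ID needed for the coverage metrics the posting mentions.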