Who we are

S-RM is a global intelligence and cyber security consultancy. Since 2005, we’ve helped some of the most demanding clients in the world solve some of their toughest information security challenges.

We’ve been able to do this because of our outstanding people. We’re committed to developing sharp, curious, driven individuals who want to think critically, solve complex problems, and achieve success.

But we also know that work isn’t everything. It’s about the lives and careers it helps us build. We’re immensely proud of this culture and we invest in our people’s wellbeing, learning, and ideas every day.

We’re excited you’re thinking about joining us

Working in Cyber at S-RM

Our Cyber Security division is the fastest-growing part of S-RM. The cyber sector is always evolving, and our Incident Response and Managed Services practices are in more demand than ever.

We’re building a team to meet this challenge.  We’re quick to respond, innovate, and improve.  We don’t get too hung up on hierarchy or bureaucracy.  If your ideas are good enough, we’ll empower you to implement them.  If you’re the best person to talk to a customer, you’ll get that opportunity, regardless of the title in your email signature. And when you need a hand, your team will always have your back.

We also don’t believe there’s a typical cyber security professional.  We’ve built a team of intelligence analysts, technical specialists, software developers, investigators, risk managers, and more.  You’ll always find a range of perspectives and expertise to help you learn and grow.

If that sounds like your kind of team, we’d like to hear from you.

The role

Cyber Threat Intelligence (CTI) is an integral part of our Incident Response (IR) and Managed Services practices. As a CTI analyst you will be a critical part of our wider cyber team’s success.

You will work across the full intelligence cycle to help our clients respond and recover to security incidents, and stay ahead of evolving threats, including:

• Threat Actor Intelligence: You will track developments in the ransomware and cybercrime ecosystem, and write and update profiles on key threat actors of interest which will be shared with clients to inform case strategy and externally as thought leadership
• Threat Actor Engagement: You will monitor leak sites and negotiation portals across our global IR cases, and inform case leads of regular developments. You will assist with researching and drafting attestations on sanctions exposure for given threat actors
• Dark Web Monitoring: You will use threat intelligence platforms and specialist tools to conduct targeted research the dark web and set up and deliver regular monitoring engagements. You will assist with renewals of these cases
• Technical IOC Management: You will help collate technical indicators of compromise (IOCs) from across our global IR team, ensure these are enriched and correctly classified, and facilitate dissemination across the organisation to improve the operational effectiveness of our IR and Managed Services teams
• Incident Data Collection and Analysis: You will help ensure that incident data collected by our global IR team from our engagements is accurate and consistent. You will assist with the management of this dataset, and with analysis to produce regular reporting on trends and insights to use for presentations, events and training sessions
• CTI-lead analysis: You will assist with in-depth investigations which have a strong threat intelligence component, including conducting research and drafting client-facing reports
• Blockchain analysis: You will use specialist tools to trace ransom payments to identify sanctions exposure or other compliance risks, and draft reports to present findings to clients
• Thought leadership: You will contribute to public write ups and presentations on new vulnerabilities, trends, and threat actor techniques
• Help develop and share domain expertise: We will support you in growing your cyber expertise, including sharing it with the wider team through internal initiatives and programs.
• Help contribute to business development: You will help cultivate and manage close relationships with external partners who we share intelligence with and help identify business development opportunities.

Other features of the role include:

• Variety of casework: no day will be the same. Our team responds to a huge variety of incidents for both public and corporate clients.
• Range of opportunities: you will have opportunities to broaden your security awareness into testing and advisory projects, in addition to deepening your cyber threat intelligence and incident response expertise.
• Flexible working practices: responding to incidents can be intense, high-pressure work. We are mindful of our team’s work/life balance and offer flexible working options to support your wellbeing.

What we're looking for

Candidates with the following qualifications and experience are likely to succeed as Cyber Threat Intelligence Analysts at S-RM. 

That said, if you don’t think you meet all of the criteria below but still are interested in the job, please apply. Nobody checks every box—we’re looking for candidates that are particularly strong in a few areas and have some interest and capabilities in others.

We nurture a culture of equality, diversity and inclusion and we are dedicated to developing a workforce that displays a variety of talents, experiences and perspectives.

Required Skills:

• Excellent written and verbal communication skills, with the ability to produce clear and  concise reports.
• Strong analytical and problem-solving skills, including the ability to work with incomplete, ambiguous, or conflicting information.

• Understanding of foundational cyber concepts, such as common attack vectors (e.g., phishing, credential misuse), high-level security terminology, and general threat actor motivations.
• Understanding of core intelligence concepts, including the intelligence lifecycle, requirements gathering, and the distinction between tactical, operational, and strategic intelligence outputs.

• A demonstrated interest in cyber threats, including financially-motivated activity such as ransomware and extortion.

Preferred Skills:

• Academic or professional background in a research-focused discipline (qualitative or quantitative), such as Political Science, Intelligence Studies, Criminology, Cybersecurity, Computer Science, Data Science, or related fields.
• Familiarity with cybersecurity fundamentals, such as threat actor TTPs, IOCs, and relevant frameworks (e.g., MITRE ATT&CK).
• Ability to contextualize findings into business-relevant assessments, including potential impact, likelihood and recommended mitigations.
• Experience using OSINT and/or Threat Intelligence platforms (e.g. VirusTotal, Shodan, MISP, Recorded Future).

Successful candidates are likely to show the following personal attributes: 

• An investigative mindset and an enthusiasm for investigations.
• Exceptional attention to detail, especially when examining indicators, infrastructure data, and adversary behaviours.
• A collaborative mindset and willingness to collaborate across teams.
• Ability to thrive under pressure, prioritize multiple tasks, and meet short deadlines.
• A self-starter, demonstrating initiative, ownership of work and the ability to identify opportunities to enhance S-RM's cyber capabilities.

Relevant industry certifications are not required for this role. However, holding relevant CTI or cyber security related certifications such as the following is beneficial: GCTI, GCFA, SSCP, or Security+

Our benefits

We offer thoughtful, balanced rewards and support to help our people do their best work and live their lives outside of work. This includes but is not exhaustive of:

• Holiday – 23 days per year increasing to 28 days (+1 day for every year you worked at S-RM, up to a maximum of 5 days) in addition to bank holidays
• Gap Cover policy – allowing you to bridge the gap between your medical bills and your medical aid cover.
• Hybrid working and flexible working hours;
• Private pension – up to 7% contribution matched by the company
• Life Insurance 4X annual salary.

Parental Support:

• Fertility treatment leave – 5 days of leave per cycle of treatment per year;
• Maternity leave – 26 weeks of full pay followed by 13 weeks of half pay;
• Paternity leave – 6 weeks of full pay.
• Various Health and Medical Benefits including:
• Medical aid with Discovery Health for employee, partner, and children up to the cost of the Classic Saver plan(taxable benefit) for you and your family;
• EAP programme for you and your immediate family;
• Free access to the world-famous mindfulness app Headspace.

The application process

We want to get to know you, and for you to get to know us, to see if we’d be a good fit. We are responsive and respectful of people’s time throughout our hiring process.

A typical application process includes:

• Initial screening of your application by our recruiting team.
• An interview to assess your baseline technical skills.
• An interview to discuss your previous experience, broader competencies, and suitability for the role.

Who we are

S-RM is a global intelligence and cyber security consultancy. Since 2005, we’ve helped some of the most demanding clients in the world solve some of their toughest information security challenges.

We’ve been able to do this because of our outstanding people. We’re committed to developing sharp, curious, driven individuals who want to think critically, solve complex problems, and achieve success.

But we also know that work isn’t everything. It’s about the lives and careers it helps us build. We’re immensely proud of this culture and we invest in our people’s wellbeing, learning, and ideas every day.

We’re excited you’re thinking about joining us

Working in Cyber at S-RM

Our Cyber Security division is the fastest-growing part of S-RM. The cyber sector is always evolving, and our Incident Response and Managed Services practices are in more demand than ever.

We’re building a team to meet this challenge.  We’re quick to respond, innovate, and improve.  We don’t get too hung up on hierarchy or bureaucracy.  If your ideas are good enough, we’ll empower you to implement them.  If you’re the best person to talk to a customer, you’ll get that opportunity, regardless of the title in your email signature. And when you need a hand, your team will always have your back.

We also don’t believe there’s a typical cyber security professional.  We’ve built a team of intelligence analysts, technical specialists, software developers, investigators, risk managers, and more.  You’ll always find a range of perspectives and expertise to help you learn and grow.

If that sounds like your kind of team, we’d like to hear from you.

The role

Cyber Threat Intelligence (CTI) is an integral part of our Incident Response (IR) and Managed Services practices. As a CTI analyst you will be a critical part of our wider cyber team’s success.

You will work across the full intelligence cycle to help our clients respond and recover to security incidents, and stay ahead of evolving threats, including:

• Threat Actor Intelligence: You will track developments in the ransomware and cybercrime ecosystem, and write and update profiles on key threat actors of interest which will be shared with clients to inform case strategy and externally as thought leadership
• Threat Actor Engagement: You will monitor leak sites and negotiation portals across our global IR cases, and inform case leads of regular developments. You will assist with researching and drafting attestations on sanctions exposure for given threat actors
• Dark Web Monitoring: You will use threat intelligence platforms and specialist tools to conduct targeted research the dark web and set up and deliver regular monitoring engagements. You will assist with renewals of these cases
• Technical IOC Management: You will help collate technical indicators of compromise (IOCs) from across our global IR team, ensure these are enriched and correctly classified, and facilitate dissemination across the organisation to improve the operational effectiveness of our IR and Managed Services teams
• Incident Data Collection and Analysis: You will help ensure that incident data collected by our global IR team from our engagements is accurate and consistent. You will assist with the management of this dataset, and with analysis to produce regular reporting on trends and insights to use for presentations, events and training sessions
• CTI-lead analysis: You will assist with in-depth investigations which have a strong threat intelligence component, including conducting research and drafting client-facing reports
• Blockchain analysis: You will use specialist tools to trace ransom payments to identify sanctions exposure or other compliance risks, and draft reports to present findings to clients
• Thought leadership: You will contribute to public write ups and presentations on new vulnerabilities, trends, and threat actor techniques
• Help develop and share domain expertise: We will support you in growing your cyber expertise, including sharing it with the wider team through internal initiatives and programs.
• Help contribute to business development: You will help cultivate and manage close relationships with external partners who we share intelligence with and help identify business development opportunities.

Other features of the role include:

• Variety of casework: no day will be the same. Our team responds to a huge variety of incidents for both public and corporate clients.
• Range of opportunities: you will have opportunities to broaden your security awareness into testing and advisory projects, in addition to deepening your cyber threat intelligence and incident response expertise.
• Flexible working practices: responding to incidents can be intense, high-pressure work. We are mindful of our team’s work/life balance and offer flexible working options to support your wellbeing.

What we're looking for

Candidates with the following qualifications and experience are likely to succeed as Cyber Threat Intelligence Analysts at S-RM. 

That said, if you don’t think you meet all of the criteria below but still are interested in the job, please apply. Nobody checks every box—we’re looking for candidates that are particularly strong in a few areas and have some interest and capabilities in others.

We nurture a culture of equality, diversity and inclusion and we are dedicated to developing a workforce that displays a variety of talents, experiences and perspectives.

Required Skills:

• Excellent written and verbal communication skills, with the ability to produce clear and  concise reports.
• Strong analytical and problem-solving skills, including the ability to work with incomplete, ambiguous, or conflicting information.

• Understanding of foundational cyber concepts, such as common attack vectors (e.g., phishing, credential misuse), high-level security terminology, and general threat actor motivations.
• Understanding of core intelligence concepts, including the intelligence lifecycle, requirements gathering, and the distinction between tactical, operational, and strategic intelligence outputs.

• A demonstrated interest in cyber threats, including financially-motivated activity such as ransomware and extortion.

Preferred Skills:

• Academic or professional background in a research-focused discipline (qualitative or quantitative), such as Political Science, Intelligence Studies, Criminology, Cybersecurity, Computer Science, Data Science, or related fields.
• Familiarity with cybersecurity fundamentals, such as threat actor TTPs, IOCs, and relevant frameworks (e.g., MITRE ATT&CK).
• Ability to contextualize findings into business-relevant assessments, including potential impact, likelihood and recommended mitigations.
• Experience using OSINT and/or Threat Intelligence platforms (e.g. VirusTotal, Shodan, MISP, Recorded Future).

Successful candidates are likely to show the following personal attributes: 

• An investigative mindset and an enthusiasm for investigations.
• Exceptional attention to detail, especially when examining indicators, infrastructure data, and adversary behaviours.
• A collaborative mindset and willingness to collaborate across teams.
• Ability to thrive under pressure, prioritize multiple tasks, and meet short deadlines.
• A self-starter, demonstrating initiative, ownership of work and the ability to identify opportunities to enhance S-RM's cyber capabilities.

Relevant industry certifications are not required for this role. However, holding relevant CTI or cyber security related certifications such as the following is beneficial: GCTI, GCFA, SSCP, or Security+

Our benefits

We offer thoughtful, balanced rewards and support to help our people do their best work and live their lives outside of work. This includes but is not exhaustive of:

• 23 days holiday per year in addition to public holidays (+1 day for every year of service up to a maximum of 30 days in total);yes
• Hybrid working and flexible working hours;
• Matching pension contribution up to 7% (up to a maximum of 14% combined), and financial education;
• Life Insurance 4X annual salary.

Parental Support:

• Fertility treatment leave – 5 days of leave per cycle of treatment per year;
• Maternity leave – 26 weeks of full pay followed by 13 weeks of half pay;
• Paternity leave – 6 weeks of full pay.

Various Health and Medical Benefits including:

• Medical insurance (taxable benefit) for you and your family;
• Virtual GP for you and your family members that live in the same household;
• EAP programme for you and your immediate family;
• Free access to the world-famous mindfulness app

The application process

We want to get to know you, and for you to get to know us, to see if we’d be a good fit. We are responsive and respectful of people’s time throughout our hiring process.

A typical application process includes:

• Initial screening of your application by our recruiting team.
• An interview to assess your baseline technical skills.
• An interview to discuss your previous experience, broader competencies, and suitability for the role.

WHO WE ARE 

S-RM is a global intelligence and cyber security consultancy.  Since 2005, we’ve helped some of the most demanding clients in the world solve some of their toughest information security challenges.   

We’ve been able to do this because of our outstanding people.  We’re committed to developing sharp, curious, driven individuals who want to think critically, solve complex problems, and achieve success.   

But we also know that work isn’t everything. It’s about the lives and careers it helps us build.  We’re immensely proud of this culture and we invest in our people’s wellbeing, learning, and ideas every day. 

We’re excited you’re thinking about joining us. 

WORKING IN CYBER AT S-RM 

Our Cyber Security division is the fastest-growing part of S-RM.  The cyber sector is always evolving, and our Advisory, Ethical Hacking, and Incident Response practices are in more demand than ever.  

We’re building a team to meet this challenge.  We’re quick to respond, innovate, and improve.  We don’t get too hung up on hierarchy or bureaucracy.  If your ideas are good enough, we’ll empower you to implement them.  If you’re the best person to talk to a customer, you’ll get that opportunity, regardless of the title in your email signature. And when you need a hand, your team will always have your back. 

We also don’t believe there’s a typical cyber security professional.  We’ve built a team of intelligence analysts, technical specialists, software developers, investigators, risk managers, and more.  You’ll always find a range of perspectives and expertise to help you learn and grow.  

If that sounds like your kind of team, we’d like to hear from you. 

THE ROLE

Our Incident Response Consultants are a critical part of our Cyber Security consulting practice’s success. As a Technical Lead, you will deploy your incident response expertise in a senior, client‑facing delivery role across our incident response services.

You will work across the full lifecycle of security incidents to help our clients respond and recover, spanning both traditional incident response scenarios (such as ransomware, business email compromise and intrusion investigations) and modern incidents affecting cloud platforms, CI/CD pipelines and software delivery environments.

WHAT YOU WILL DO

You will be responsible for leading and delivering technical investigations for clients, including:

• Leading technical incident response engagements from first contact through to closure
• Acting as the primary technical resource on response cases, applying your own expertise and providing guidance to colleagues on the project team.
• Overseeing host‑, network‑ and cloud‑based investigations, including:
• Triage and containment
• System recovery and remediation support
• Technical evidence collection and forensic analysis
• Log, malware and root cause analysis

• Investigating a wide range of incident types, including but not limited to:
• Ransomware and extortion incidents
• Business Email Compromise (BEC)
• Unauthorised access and data breaches
• Incidents involving cloud environments, CI/CD pipelines, automation and software supply chains

• Applying cloud and DevOps‑related expertise where required, for example when incidents involve:
• Compromised cloud identities, APIs or control planes
• Abuse of CI/CD pipelines, source code repositories or secrets
• Infrastructure‑as‑Code and automated deployment workflows
• Developing and sharing domain expertise
  We will support you to deepen your technical knowledge and share it across the wider team through internal initiatives, training and capability development.
• Participating in an on‑call rotation
  Providing 24×7×365 incident response coverage for our clients.

OTHER FEATURES OF THE ROLE

• Variety of casework
  No two days are the same. You will respond to a diverse range of incidents across public and private sector clients, industries and technology stacks.
• Range of opportunities
  In addition to incident response, you will have opportunities to contribute to related consulting work such as post‑incident reviews, incident readiness, threat exposure assessments and broader advisory projects.
• Flexible working practices
  Incident response can be intense, high‑pressure work. We are mindful of work/life balance and offer flexible working arrangements to support wellbeing.

WHAT WE’RE LOOKING FOR

Candidates with the following experience and attributes are likely to succeed as Incident Response Consultants at S‑RM.

That said, if you don’t meet every criterion below but are interested in the role, we encourage you to apply. We value individuals who are particularly strong in certain areas and keen to develop in others.

We nurture a culture of equality, diversity and inclusion and are committed to building a workforce with varied backgrounds, skills and perspectives.

Experience

• 5+ years’ experience in a technical cyber security, cloud security, DevSecOps, platform engineering or related role.
• Direct experience working in a consulting or in‑house incident response team is beneficial, but not essential.

Approach

• A strong investigative mindset, with the ability to work through complex problems using limited or incomplete information.
• Comfortable operating in high‑pressure, time‑critical client situations.

Technical skillset

• Strong technical foundations suitable for investigating a range of incident types, including ransomware and intrusion scenarios.
• Experience or strong interest in cloud and modern infrastructure, such as:
• AWS, Azure or GCP
• CI/CD platforms and automation
• Identity, logging and audit trails in cloud environments
• Comfortable using scripting and automation to support investigations and analysis.

Threat awareness

• Demonstrable knowledge of cyber threat actors and their tactics, techniques and procedures, including those targeting both traditional enterprise environments and modern cloud‑based systems.

Communication

• Able to clearly communicate technical findings and risk to non‑technical client audiences in a professional consulting setting.

Qualifications

Relevant certifications are not required, but the following (or similar) are beneficial:

GCFE, GCFA, EnCE, CFSR, CISSP, GREM, CCNA, MCFE, OSCP, Network+, Security+
Cloud and platform‑focused certifications (AWS, Azure, GCP, Kubernetes, Terraform) are also advantageous.

The successful candidate must have permission to work in the UK by the start of their employment.

OUR BENEFITS

We offer thoughtful, balanced rewards and support to help our people do their best work and live their lives outside it, this includes but is not exhaustive of:

• 25 days holiday per year in addition to bank holidays (+1 day for every year of service up to a maximum of 30 days);
• Hybrid working and flexible working hours;
• Matching pension contribution up to 7% and financial education;
• Fertility treatment leave – 5 days of leave per cycle of treatment per year;
• Maternity leave – 26 weeks of full pay followed by 13 weeks of half pay;
• Paternity leave – 6 weeks of full pay.
• Private dental and medical insurance (taxable benefit) for you and your family;
• Virtual GP for you and your family members that live in the same household;
• Various gym discounts for you and your partner;

THE APPLICATION PROCESS 

We want to get to know you, and for you to get to know us, to see if we’d be a good fit.  We are responsive and respectful of people’s time throughout our hiring process. 

A typical application process includes:  

• Initial screening of your application by our recruiting team. 

• An interview to assess your baseline technical skills. 

• An interview to discuss your previous experience and broader competencies. 
  
  
• An final interview to determine alignment with the role. 

Please apply via: Job Application for Technical Lead, Incident Response at S-RM

WHO WE ARE 

S-RM is a global intelligence and cyber security consultancy.  Since 2005, we’ve helped some of the most demanding clients in the world solve some of their toughest information security challenges.   

We’ve been able to do this because of our outstanding people.  We’re committed to developing sharp, curious, driven individuals who want to think critically, solve complex problems, and achieve success.   

But we also know that work isn’t everything. It’s about the lives and careers it helps us build.  We’re immensely proud of this culture and we invest in our people’s wellbeing, learning, and ideas every day. 

We’re excited you’re thinking about joining us. 

WORKING IN CYBER AT S-RM 

Our Cyber Security division is the fastest-growing part of S-RM.  The cyber sector is always evolving, and our Advisory, Ethical Hacking, and Incident Response practices are in more demand than ever.  

We’re building a team to meet this challenge.  We’re quick to respond, innovate, and improve.  We don’t get too hung up on hierarchy or bureaucracy.  If your ideas are good enough, we’ll empower you to implement them.  If you’re the best person to talk to a customer, you’ll get that opportunity, regardless of the title in your email signature. And when you need a hand, your team will always have your back. 

We also don’t believe there’s a typical cyber security professional.  We’ve built a team of intelligence analysts, technical specialists, software developers, investigators, risk managers, and more.  You’ll always find a range of perspectives and expertise to help you learn and grow.  

If that sounds like your kind of team, we’d like to hear from you. 

THE ROLE 

Our Incident Response Consultants are a critical part of our Cyber Security consulting practice’s success. As a Technical Lead, you will deploy your incident response expertise in a senior, client‑facing delivery role across our incident response services.

You will work across the full lifecycle of security incidents to help our clients respond and recover, spanning both traditional incident response scenarios (such as ransomware, business email compromise and intrusion investigations) and modern incidents affecting cloud platforms, CI/CD pipelines and software delivery environments.

WHAT YOU WILL DO

You will be responsible for leading and delivering technical investigations for clients, including:

• Leading technical incident response engagements from first contact through to closure
• Acting as the primary technical resource on response cases, applying your own expertise and providing guidance to colleagues on the project team.
• Overseeing host‑, network‑ and cloud‑based investigations, including:
• Triage and containment
• System recovery and remediation support
• Technical evidence collection and forensic analysis
• Log, malware and root cause analysis

• Investigating a wide range of incident types, including but not limited to:
• Ransomware and extortion incidents
• Business Email Compromise (BEC)
• Unauthorised access and data breaches
• Incidents involving cloud environments, CI/CD pipelines, automation and software supply chains

• Applying cloud and DevOps‑related expertise where required, for example when incidents involve:
• Compromised cloud identities, APIs or control planes
• Abuse of CI/CD pipelines, source code repositories or secrets
• Infrastructure‑as‑Code and automated deployment workflows
• Developing and sharing domain expertise
  We will support you to deepen your technical knowledge and share it across the wider team through internal initiatives, training and capability development.
• Participating in an on‑call rotation
  Providing 24×7×365 incident response coverage for our clients.

OTHER FEATURES OF THE ROLE

• Variety of casework
  No two days are the same. You will respond to a diverse range of incidents across public and private sector clients, industries and technology stacks.
• Range of opportunities
  In addition to incident response, you will have opportunities to contribute to related consulting work such as post‑incident reviews, incident readiness, threat exposure assessments and broader advisory projects.
• Flexible working practices
  Incident response can be intense, high‑pressure work. We are mindful of work/life balance and offer flexible working arrangements to support wellbeing.

WHAT WE’RE LOOKING FOR

Candidates with the following experience and attributes are likely to succeed as Incident Response Consultants at S‑RM.

That said, if you don’t meet every criterion below but are interested in the role, we encourage you to apply. We value individuals who are particularly strong in certain areas and keen to develop in others.

We nurture a culture of equality, diversity and inclusion and are committed to building a workforce with varied backgrounds, skills and perspectives.

Experience

• 5+ years’ experience in a technical cyber security, cloud security, DevSecOps, platform engineering or related role.
• Direct experience working in a consulting or in‑house incident response team is beneficial, but not essential.

Approach

• A strong investigative mindset, with the ability to work through complex problems using limited or incomplete information.
• Comfortable operating in high‑pressure, time‑critical client situations.

Technical skillset

• Strong technical foundations suitable for investigating a range of incident types, including ransomware and intrusion scenarios.
• Experience or strong interest in cloud and modern infrastructure, such as:
• AWS, Azure or GCP
• CI/CD platforms and automation
• Identity, logging and audit trails in cloud environments
• Comfortable using scripting and automation to support investigations and analysis.

Threat awareness

• Demonstrable knowledge of cyber threat actors and their tactics, techniques and procedures, including those targeting both traditional enterprise environments and modern cloud‑based systems.

Communication

• Able to clearly communicate technical findings and risk to non‑technical client audiences in a professional consulting setting.

Qualifications

Relevant certifications are not required, but the following (or similar) are beneficial:

GCFE, GCFA, EnCE, CFSR, CISSP, GREM, CCNA, MCFE, OSCP, Network+, Security+
Cloud and platform‑focused certifications (AWS, Azure, GCP, Kubernetes, Terraform) are also advantageous.

OUR BENEFITS  

We offer thoughtful, balanced rewards and support to help our people do their best work and live their lives outside it, including:

• Maternity and paternity benefits including:
• Maternity leave: 26 weeks full pay followed by 13 weeks half pay
• Paternity leave: 6 weeks of full pay
• 25 holiday days per year, which increases with service to a maximum of 30 days + public holidays
• 7% matching pension contribution
• Several options around mobility such as an OV-card or a lease car
• 4 x annual salary life insurance
• EAP for your mental wellbeing, including counselling sessions available to you and your family
• Free access to the world-famous mindfulness app Headspace
• Flexible working hours
• Extensive training available, including through LinkedIn Learning with access to more than 13,000 different courses

 
The successful candidate must have permission to work in the Netherlands by the start of their employment. 

THE APPLICATION PROCESS 

We want to get to know you, and for you to get to know us, to see if we’d be a good fit.  We are responsive and respectful of people’s time throughout our hiring process. 

A typical application process includes:  

• Initial screening of your application by our recruiting team. 

• An interview to assess your baseline technical skills. 

• An interview to discuss your previous experience and broader competencies. 
  
  
• An final interview to determine alignment with the role. 

Please apply via:Job Application for Technical Lead, Incident Response at S-RM

TECHNICAL LEAD, INCIDENT RESPONSE, SOUTH AFRICA

WHO WE ARE

S-RM is a global intelligence and cyber security consultancy.  Since 2005, we’ve helped some of the most demanding clients in the world solve some of their toughest information security challenges. 

We’ve been able to do this because of our outstanding people.  We’re committed to developing sharp, curious, driven individuals who want to think critically, solve complex problems, and achieve success. 

But we also know that work isn’t everything. It’s about the lives and careers it helps us build.  We’re immensely proud of this culture and we invest in our people’s wellbeing, learning, and ideas every day.

We’re excited you’re thinking about joining us.

WORKING IN CYBER AT S-RM

Our Cyber Security division is the fastest-growing part of S-RM.  The cyber sector is always evolving, and our Advisory, Ethical Hacking, and Incident Response practices are in more demand than ever.

We’re building a team to meet this challenge.  We’re quick to respond, innovate, and improve.  We don’t get too hung up on hierarchy or bureaucracy.  If your ideas are good enough, we’ll empower you to implement them.  If you’re the best person to talk to a customer, you’ll get that opportunity, regardless of the title in your email signature. And when you need a hand, your team will always have your back.

We also don’t believe there’s a typical cyber security professional.  We’ve built a team of intelligence analysts, technical specialists, software developers, investigators, risk managers, and more.  You’ll always find a range of perspectives and expertise to help you learn and grow.

If that sounds like your kind of team, we’d like to hear from you.

THE ROLE

Our Incident Response Consultants are a critical part of our Cyber Security consulting practice’s success. As a Technical Lead, you will deploy your incident response expertise in a senior, client‑facing delivery role across our incident response services.

You will work across the full lifecycle of security incidents to help our clients respond and recover, spanning both traditional incident response scenarios (such as ransomware, business email compromise and intrusion investigations) and modern incidents affecting cloud platforms, CI/CD pipelines and software delivery environments.

WHAT YOU WILL DO

You will be responsible for leading and delivering technical investigations for clients, including:

• Leading technical incident response engagements from first contact through to closure
• Acting as the primary technical resource on response cases, applying your own expertise and providing guidance to colleagues on the project team.
• Overseeing host‑, network‑ and cloud‑based investigations, including:
• Triage and containment
• System recovery and remediation support
• Technical evidence collection and forensic analysis
• Log, malware and root cause analysis

• Investigating a wide range of incident types, including but not limited to:
• Ransomware and extortion incidents
• Business Email Compromise (BEC)
• Unauthorised access and data breaches
• Incidents involving cloud environments, CI/CD pipelines, automation and software supply chains

• Applying cloud and DevOps‑related expertise where required, for example when incidents involve:
• Compromised cloud identities, APIs or control planes
• Abuse of CI/CD pipelines, source code repositories or secrets
• Infrastructure‑as‑Code and automated deployment workflows
• Developing and sharing domain expertise
  We will support you to deepen your technical knowledge and share it across the wider team through internal initiatives, training and capability development.
• Participating in an on‑call rotation
  Providing 24×7×365 incident response coverage for our clients.

OTHER FEATURES OF THE ROLE

• Variety of casework
  No two days are the same. You will respond to a diverse range of incidents across public and private sector clients, industries and technology stacks.
• Range of opportunities
  In addition to incident response, you will have opportunities to contribute to related consulting work such as post‑incident reviews, incident readiness, threat exposure assessments and broader advisory projects.
• Flexible working practices
  Incident response can be intense, high‑pressure work. We are mindful of work/life balance and offer flexible working arrangements to support wellbeing.

WHAT WE’RE LOOKING FOR

Candidates with the following experience and attributes are likely to succeed as Incident Response Consultants at S‑RM.

That said, if you don’t meet every criterion below but are interested in the role, we encourage you to apply. We value individuals who are particularly strong in certain areas and keen to develop in others.

We nurture a culture of equality, diversity and inclusion and are committed to building a workforce with varied backgrounds, skills and perspectives.

Experience

• 5+ years’ experience in a technical cyber security, cloud security, DevSecOps, platform engineering or related role.
• Direct experience working in a consulting or in‑house incident response team is beneficial, but not essential.

Approach

• A strong investigative mindset, with the ability to work through complex problems using limited or incomplete information.
• Comfortable operating in high‑pressure, time‑critical client situations.

Technical skillset

• Strong technical foundations suitable for investigating a range of incident types, including ransomware and intrusion scenarios.
• Experience or strong interest in cloud and modern infrastructure, such as:
• AWS, Azure or GCP
• CI/CD platforms and automation
• Identity, logging and audit trails in cloud environments
• Comfortable using scripting and automation to support investigations and analysis.

Threat awareness

• Demonstrable knowledge of cyber threat actors and their tactics, techniques and procedures, including those targeting both traditional enterprise environments and modern cloud‑based systems.

Communication

• Able to clearly communicate technical findings and risk to non‑technical client audiences in a professional consulting setting.

Qualifications

Relevant certifications are not required, but the following (or similar) are beneficial:

GCFE, GCFA, EnCE, CFSR, CISSP, GREM, CCNA, MCFE, OSCP, Network+, Security+
Cloud and platform‑focused certifications (AWS, Azure, GCP, Kubernetes, Terraform) are also advantageous.

The successful candidate must have permission to work in South Africa by the start of their employment.

OUR BENEFITS 

We offer thoughtful, balanced rewards and support to help our people do their best work and live their lives outside it, this includes but is not exhaustive of:

• 23 days holiday per year in addition to public holidays (+1 day for every year of service up to a maximum of 30 days in total);
• Hybrid working and flexible working hours;
• Matching pension contribution up to 7% (up to a maximum of 14% combined), and financial education;
• Life Insurance 4X annual salary.

Parental Support:

• Fertility treatment leave – 5 days of leave per cycle of treatment per year;
• Maternity leave – 26 weeks of full pay followed by 13 weeks of half pay;
• Paternity leave – 6 weeks of full pay.

Various Health and Medical Benefits including:

• Medical Aid (taxable benefit) for you and your immediate family
• EAP program for you and your immediate family;
• Free access to the world-famous mindfulness app.

THE APPLICATION PROCESS 

We want to get to know you, and for you to get to know us, to see if we’d be a good fit.  We are responsive and respectful of people’s time throughout our hiring process. 

A typical application process includes:  

• Initial screening of your application by our recruiting team. 

• An interview to assess your baseline technical skills. 

• An interview to discuss your previous experience and broader competencies. 
  
  
• An final interview to determine alignment with the role. 

Please apply via: Job Application for Technical Lead, Incident Response at S-RM

WHO WE ARE 

The cyber sector is always evolving, and our Advisory, Testing, Incident Response and Forensics practices are in more demand than ever.  

We’re building a team to meet this challenge. We’re quick to respond, innovate, and improve.  We don’t get too hung up on hierarchy or bureaucracy. If your ideas are good enough, we’ll empower you to implement them.  

We also don’t believe there’s a typical cybersecurity professional. We’ve built a team of intelligence analysts, technical specialists, software developers, investigators, risk managers, and more. You’ll always find a range of perspectives and expertise to draw on and help you grow.  

If that sounds like your kind of team, we’d like to hear from you. 

THE ROLE 

We are looking for a German speaking consultant to join our Cyber Incident Response team as an Engagement Lead.  A successful cyber response only happens when a group of technical experts works seamlessly with a team leader who can get the best out of them.  

Role responsibilities include: 

• Project scoping: you will be a first responder to cyber-attacks, running triage calls with clients to understand the scope of the incident and setting out how S-RM can support. 

• Project management: from that first call to the incident’s conclusion, you will be responsible for ensuring the response is managed effectively and efficiently, delivering for all stakeholders while on schedule and within budget. Typical workstreams include: 

• Working with clients to ensure that incidents are contained. 

• Overseeing a team of forensic analysts investigating the incident. 

• Advising strategies for responding to cyber threat actors. 

• Providing crisis management expertise to help clients navigate the incident. 

• Relationship management: you will be responsible for building and developing relationships with the various stakeholders involved in a cyber incident, from the victims themselves to lawyers and insurance professionals.  

We nurture a culture of equality, diversity and inclusion, and we are dedicated to developing a workforce that displays a variety of talents, experiences, and perspectives. 

WHAT WE ARE LOOKING FOR 

We think candidates with the following skills and experience are likely to succeed as Incident Response Engagement Leads at S-RM.   

You will need great consulting skills and a developed understanding of networks and security technologies. We will prioritise candidates with demonstrable digital forensics and incident response (‘DFIR’) experience, especially those that have worked in an incident handling capacity before. However, we’d encourage candidates with adjacent experience to apply.  We believe that, with the right training, anyone that fits the profile below can make an excellent Engagement Lead.  We have a proven track record of supporting those from diverse backgrounds to develop into this role. 

We’re looking for: 

• Native or professional fluency in German language. 

• Great communication skills. 

• A calm and empathetic style when under pressure. 

• A thoughtful approach to solving problems.  

• An instinct to seek the expertise of others and bring diverse skillsets together.  

• Excellent client service and advocacy skills in your daily work. 

Candidates must have permission to work in South Africa by the start of their employment. 

OUR BENEFITS  

We offer thoughtful rewards and support to help our people achieve a great balance in their professional and personal lives, including:   

We offer thoughtful, balanced rewards and support to help our people do their best work and live their lives outside it, this includes but is not exhaustive of: 

• 23 days holiday per year in addition to bank holidays (+1 day for every year of service up to a maximum of 28 days in total)
  
  
• Hybrid working and flexible working hours
  
  
• Medical aid with Discovery Health for employee, partner, and children up to the cost of the Classic 
  Saver plan  
  
  
• Gap Cover policy – allowing you to bridge the gap between your medical bills and your medical 
  aid cover
  
  
• Life insurance – 4x annual salary
  
  
• Disability cover - 75% of annual salary  
  
  
• Private pension – up to 7% contribution matched by the company
  
  
• EAP (Employee Assistance Programme) for employees and immediate family, including 
  counselling sessions
  
  
• Free access to the world-famous mindfulness app Headspace  
  
  
• Seasonal flu vaccination  
  
  
• Eye tests and glasses reimbursement up to certain cost on an annual basis
  
  
• Formalised Recognition programme
  
  
• Hybrid working and flexible working hours
  
  
• Fertility treatment leave – 5 days of leave per cycle of treatment per year  
  
  
• Maternity leave – 26 weeks of full pay followed by 13 weeks of half pay (after 1 year at the 
  company on the “qualifying week” = 15 weeks before a due date)
  
  
• Paternity leave – 6 weeks of full pay (after 1 year at the company on the “qualifying week” = 15 
  weeks before a due date)  

THE APPLICATION PROCESS 

We want to get to know you, and for you to get to know us, to see if we’d be a good fit.  We are responsive and respectful of people’s time throughout our hiring process. 

A typical application process includes:  

• Initial screening of your application by our recruiting team. 

• An interview to assess your baseline technical skills. 

• An interview to discuss your previous experience and broader competencies. 
  
  
• An final interview to determine alignment with the role. 

Please apply via:  Job Application for Engagement Lead, Incident Response at S-RM

WHO WE ARE

S-RM is a global intelligence and cybersecurity consultancy. Since 2005, we’ve helped some of the most demanding clients in the world solve some of their toughest information security challenges. 

We’ve been able to do this because of our outstanding people. We’re committed to developing sharp, curious, driven individuals who want to think critically, solve complex problems, and achieve success. 

But we also know that work isn’t everything, it’s about the lives and careers it helps us build. We’re immensely proud of this culture and we invest in our people’s wellbeing, learning, and ideas every day.

We’re excited you’re thinking about joining us.

WORKING IN CYBER AT S-RM

Our Cybersecurity division is the newest and fastest-growing part of S-RM. The cyber sector is always evolving, and our Advisory, Testing, Incident Response and Forensics practices are in more demand than ever.

We’re building a team to meet this challenge. We’re quick to respond, innovate, and improve.  We don’t get too hung up on hierarchy or bureaucracy. If your ideas are good enough, we’ll empower you to implement them.

We also don’t believe there’s a typical cybersecurity professional. We’ve built a team of intelligence analysts, technical specialists, software developers, investigators, risk managers, and more. You’ll always find a range of perspectives and expertise to draw on and help you grow.

If that sounds like your kind of team, we’d like to hear from you.

THE ROLE

We are looking for a consultant to join our Cyber Incident Response team as an Engagement Lead.  A successful cyber response only happens when a group of technical experts works seamlessly with a team leader who can get the best out of them.

Role responsibilities include:

• Project scoping: you will be a first responder to cyber-attacks, running triage calls with clients to understand the scope of the incident and setting out how S-RM can support.
• Project management: from that first call to the incident’s conclusion, you will be responsible for ensuring the response is managed effectively and efficiently, delivering for all stakeholders while on schedule and within budget. Typical workstreams include:
  • Working with clients to ensure that incidents are contained.
  • Overseeing a team of forensic analysts investigating the incident.
  • Advising strategies for responding to cyber threat actors.
  • Providing crisis management expertise to help clients navigate the incident.
• Relationship management: you will be responsible for building and developing relationships with the various stakeholders involved in a cyber incident, from the victims themselves to lawyers and insurance professionals.

We nurture a culture of equality, diversity and inclusion, and we are dedicated to developing a workforce that displays a variety of talents, experiences, and perspectives.

WHAT WE ARE LOOKING FOR

We think candidates with the following skills and experience are likely to succeed as Incident Response Engagement Leads at S-RM. 

You will need great consulting skills and a developed understanding of networks and security technologies. We will prioritise candidates with demonstrable digital forensics and incident response (‘DFIR’) experience, especially those that have worked in an incident handling capacity before. However, we’d encourage candidates with adjacent experience to apply.  We believe that, with the right training, anyone that fits the profile below can make an excellent Engagement Lead.  We have a proven track record of supporting those from diverse backgrounds to develop into this role.

We’re looking for:

• Great communication skills.
• A calm and empathetic style when under pressure.
• A thoughtful approach to solving problems.
• An instinct to seek the expertise of others and bring diverse skillsets together.
• Excellent client service and advocacy skills in your daily work.

Candidates must have permission to work in the United States by the start of their employment.

OUR BENEFITS

We offer thoughtful rewards and support to help our people achieve a great balance in their professional and personal lives, including: 

• 20 days holiday per year in addition to 12 public holidays (+1 day for every day of service up to a maximum of 25 days);
• Life insurance – 4x annual salary;
• Matching pension contribution up to 6% (up to a maximum of 12% combined), and financial education;
• Military Leave– to a maximum of 5 years;
• Hybrid working and flexible working hours.
• Parental Support:
• Fertility treatment leave – 5 days of leave per cycle of treatment per year;
• Maternity leave – 26 weeks of full pay followed by 13 weeks of half pay;
• Paternity leave – 6 weeks of full pay.
• Various Health and Medical Benefits including:
• 100% Company paid private medical, dental and vision insurance for employee, partner and children;
• Gym discounts for you and your partner;
• EAP programme for you and your immediate family;
• Free access to the world-famous mindfulness app Headspace.

The full salary range for this role is $110,000 - $195,000 + bonus and benefits, however this will be dependent on individual experience and location. This will be discussed further during initial calls.

THE APPLICATION PROCESS

We want to get to know you, and for you to get to know us, to see if we’d be a good fit.  We are responsive and respectful of people’s time throughout our hiring process.

A typical application process includes:

• Initial screening of your application by our recruiting team.
• An interview to assess your baseline technical skills.
• An interview to discuss your previous experience, broader competencies, and suitability for the role.

WHO WE ARE 

The cyber sector is always evolving, and our Advisory, Testing, Incident Response and Forensics practices are in more demand than ever.  

We’re building a team to meet this challenge. We’re quick to respond, innovate, and improve.  We don’t get too hung up on hierarchy or bureaucracy. If your ideas are good enough, we’ll empower you to implement them.  

We also don’t believe there’s a typical cybersecurity professional. We’ve built a team of intelligence analysts, technical specialists, software developers, investigators, risk managers, and more. You’ll always find a range of perspectives and expertise to draw on and help you grow.  

If that sounds like your kind of team, we’d like to hear from you. 

THE ROLE 

We are looking for a German speaking consultant to join our Cyber Incident Response team as an Engagement Lead.  A successful cyber response only happens when a group of technical experts works seamlessly with a team leader who can get the best out of them.  

Role responsibilities include: 

• Project scoping: you will be a first responder to cyber-attacks, running triage calls with clients to understand the scope of the incident and setting out how S-RM can support. 

• Project management: from that first call to the incident’s conclusion, you will be responsible for ensuring the response is managed effectively and efficiently, delivering for all stakeholders while on schedule and within budget. Typical workstreams include: 

• Working with clients to ensure that incidents are contained. 

• Overseeing a team of forensic analysts investigating the incident. 

• Advising strategies for responding to cyber threat actors. 

• Providing crisis management expertise to help clients navigate the incident. 

• Relationship management: you will be responsible for building and developing relationships with the various stakeholders involved in a cyber incident, from the victims themselves to lawyers and insurance professionals.  

We nurture a culture of equality, diversity and inclusion, and we are dedicated to developing a workforce that displays a variety of talents, experiences, and perspectives. 

WHAT WE ARE LOOKING FOR 

We think candidates with the following skills and experience are likely to succeed as Incident Response Engagement Leads at S-RM.   

You will need great consulting skills and a developed understanding of networks and security technologies. We will prioritise candidates with demonstrable digital forensics and incident response (‘DFIR’) experience, especially those that have worked in an incident handling capacity before. However, we’d encourage candidates with adjacent experience to apply.  We believe that, with the right training, anyone that fits the profile below can make an excellent Engagement Lead.  We have a proven track record of supporting those from diverse backgrounds to develop into this role. 

We’re looking for: 

• Native or professional fluency in German language. 

• Great communication skills. 

• A calm and empathetic style when under pressure. 

• A thoughtful approach to solving problems.  

• An instinct to seek the expertise of others and bring diverse skillsets together.  

• Excellent client service and advocacy skills in your daily work. 

Candidates must have permission to work in the Netherlands by the start of their employment. 

OUR BENEFITS  

We offer thoughtful, balanced rewards and support to help our people do their best work and live their lives outside it, including:

• Maternity and paternity benefits including:
• Maternity leave: 26 weeks full pay followed by 13 weeks half pay
• Paternity leave: 6 weeks of full pay
• 25 holiday days per year, which increases with service to a maximum of 30 days + public holidays
• 7% matching pension contribution
• Several options around mobility such as an OV-card or a lease car
• 4 x annual salary life insurance
• EAP for your mental wellbeing, including counselling sessions available to you and your family
• Free access to the world-famous mindfulness app Headspace
• Flexible working hours
• Extensive training available, including through LinkedIn Learning with access to more than 13,000 different courses

THE APPLICATION PROCESS 

A typical application process includes:  

• Initial screening of your application by our recruiting team. 

• An interview to assess your baseline technical skills. 

• An interview to discuss your previous experience and broader competencies. 
  
  
• An final interview to determine alignment with the role. 

Please apply via: Job Application for Engagement Lead, Incident Response at S-RM

WHO WE ARE 

The cyber sector is always evolving, and our Advisory, Testing, Incident Response and Forensics practices are in more demand than ever.  

We’re building a team to meet this challenge. We’re quick to respond, innovate, and improve.  We don’t get too hung up on hierarchy or bureaucracy. If your ideas are good enough, we’ll empower you to implement them.  

We also don’t believe there’s a typical cybersecurity professional. We’ve built a team of intelligence analysts, technical specialists, software developers, investigators, risk managers, and more. You’ll always find a range of perspectives and expertise to draw on and help you grow.  

If that sounds like your kind of team, we’d like to hear from you. 

THE ROLE 

We are looking for a German speaking consultant to join our Cyber Incident Response team as an Engagement Lead.  A successful cyber response only happens when a group of technical experts works seamlessly with a team leader who can get the best out of them.  

Role responsibilities include: 

• Project scoping: you will be a first responder to cyber-attacks, running triage calls with clients to understand the scope of the incident and setting out how S-RM can support. 

• Project management: from that first call to the incident’s conclusion, you will be responsible for ensuring the response is managed effectively and efficiently, delivering for all stakeholders while on schedule and within budget. Typical workstreams include: 

• Working with clients to ensure that incidents are contained. 

• Overseeing a team of forensic analysts investigating the incident. 

• Advising strategies for responding to cyber threat actors. 

• Providing crisis management expertise to help clients navigate the incident. 

• Relationship management: you will be responsible for building and developing relationships with the various stakeholders involved in a cyber incident, from the victims themselves to lawyers and insurance professionals.  

We nurture a culture of equality, diversity and inclusion, and we are dedicated to developing a workforce that displays a variety of talents, experiences, and perspectives. 

WHAT WE ARE LOOKING FOR 

We think candidates with the following skills and experience are likely to succeed as Incident Response Engagement Leads at S-RM.   

You will need great consulting skills and a developed understanding of networks and security technologies. We will prioritise candidates with demonstrable digital forensics and incident response (‘DFIR’) experience, especially those that have worked in an incident handling capacity before. However, we’d encourage candidates with adjacent experience to apply.  We believe that, with the right training, anyone that fits the profile below can make an excellent Engagement Lead.  We have a proven track record of supporting those from diverse backgrounds to develop into this role. 

We’re looking for: 

• Native or professional fluency in German language. 

• Great communication skills. 

• A calm and empathetic style when under pressure. 

• A thoughtful approach to solving problems.  

• An instinct to seek the expertise of others and bring diverse skillsets together.  

• Excellent client service and advocacy skills in your daily work. 

Candidates must have permission to work in the United Kingdom by the start of their employment. 

OUR BENEFITS  

We offer thoughtful rewards and support to help our people achieve a great balance in their professional and personal lives, including:   

We offer thoughtful, balanced rewards and support to help our people do their best work and live their lives outside it, this includes but is not exhaustive of: 

• 25 days holiday per year in addition to bank holidays (+1 day for every year of service up to a maximum of 30 days in total); 

• Hybrid working and flexible working hours; 

• Matching pension contribution up to 7% (up to a maximum of 14% combined), and financial education; 

• Life Insurance 4X annual salary. 

Parental Support: 

• Fertility treatment leave – 5 days of leave per cycle of treatment per year; 

• Maternity leave – 26 weeks of full pay followed by 13 weeks of half pay; 

• Paternity leave – 6 weeks of full pay. 

Various Health and Medical Benefits including: 

• Private dental and medical insurance (taxable benefit) for you and your family; 

• Virtual GP for you and your family members that live in the same household; 

• Various gym discounts for you and your partner; 

• EAP programme for you and your immediate family; 

• Free access to the world-famous mindfulness app Headspace. 

THE APPLICATION PROCESS 

We want to get to know you, and for you to get to know us, to see if we’d be a good fit.  We are responsive and respectful of people’s time throughout our hiring process. 

A typical application process includes:  

• Initial screening of your application by our recruiting team. 

• An interview to assess your baseline technical skills. 

• An interview to discuss your previous experience and broader competencies. 
  
• An final interview to determine alignment with the role. 

Please apply via:  Job Application for Engagement Lead, Incident Response at S-RM

Who we are

S-RM is a global intelligence and cyber security consultancy. Since 2005, we’ve helped some of the most demanding clients in the world solve some of their toughest information security challenges. We’ve been able to do this because of our outstanding people. We’re committed to developing sharp, curious, driven individuals who want to think critically, solve complex problems, and achieve success.

But we also know that work isn’t everything. It’s about the lives and careers it helps us build. We’re immensely proud of this culture and we invest in our people’s wellbeing, learning, and ideas every day.

The role

Our Incident Response Technical Leads are a critical part of our Cyber Security division's success. As a Technical Lead, and a subject matter expert, you will deploy your incident response expertise in a senior delivery role across our incident response services. You will work across the full lifecycle of security incidents to help our clients respond and recover, including:

• Supporting technical incident response from first contact through to closure: you will be the primary technical resource on response cases, deploying your own expertise, creating tailored strategies for response workstreams, and offering guidance to colleagues on your project team.
• Overseeing host- and network-based incident response investigations: including triage, system recovery, technical evidence collection, and forensics, log, malware and root cause analyses.
• Technical evidence collection from clients’ environments to prepare for forensic investigations.
• Providing containment and recovery advice to Client’s during and after cyber incidents.
• Developing and sharing domain expertise: we will support you in growing your cyber expertise, including sharing your expertise with the wider cyber team through internal initiatives and programs.
• Occasionally, you may also be required to provide overarching project management support, including coordinating non-technical workstreams, and providing verbal or in-person client updates.
• Participating in an on-call rotation with the rest of the global cyber team to provide 24x7x365 client incident coverage.

Other features of the role include:

• Leadership: As a senior technical lead, you’ll have an opportunity to help lead the rest of the APAC incident response team, act as an escalation point for more junior colleagues, and help ensure work produced by the team meets quality standards.
• Variety of casework: no day will be the same. Our team responds to a huge variety of incidents for both public and corporate clients. You will have exposure to both regional and international cyber incidents.
• Range of opportunities: you will have opportunities to broaden your security awareness into testing and advisory projects, in addition to deepening your incident response expertise.
• Flexible working practices: responding to incidents can be intense, high-pressure work. We are mindful of our team's work/life balance and offer flexible working options to support your wellbeing.

We're looking for:

• Direct experience working in an Incident Response or Digital Forensics team is strongly preferred, however, candidates with exposure to working with Incident Response teams, or those in roles reflecting aspects of Incident Response will be considered.
• Strong domain knowledge across computer systems and networks, including:
• Windows systems (e.g. Managing domains services, creating standard build templates, using SCCM, moderate PowerShell capabilities, etc.)
• Networking (e.g. managing firewall rules, providing guidance around network segmentation, DNS, etc.)
• Virtualisation technologies (e.g. ESXi, Hyper-V, etc.)
• Endpoint Detection & Response solutions.
• The candidate must be able to demonstrate experience conducting forensic investigations, in particular relating to Windows systems. Additional experience conducting investigations into Linux and MacOS systems is preferred.
• Demonstrable understanding of core incident response workstreams, including containment and restoration/recovery is a benefit.
• You are comfortable using scripting to solve cyber security problems and ideally be able to demonstrate an interest in doing so, e.g. through your own research projects or prior experience.
• A critical and investigative mindset. You should be comfortable solving problems with limited information and guidance, developing proportionate strategies to achieve timely outcomes.
• Clear demonstrable knowledge of cyber threat actors, and their tactics, techniques, and procedures.
• Strong communication skills. You should be comfortable speaking to people at all levels of an organization, from the board of directors to the technical teams.
• It is preferred (but not required) that candidates hold one of the following certifications (or equivalent) GCFE, GCFA, GCIH, GNFA. However, holding any of the following is also beneficial: EnCE, CFSR, CISSP, GREM, CCNA, MCFE, OSCP, Network+ and Security+
• A working proficiency in another language (such as Malay, Tamil, Mandarin, Cantonese, Vietnamese) is also beneficial, although not required.

The successful candidate must have permission to work in Malaysia by the start of their employment.

OUR BENEFITS

We offer thoughtful, balanced rewards and support to help our people do their best work and live their lives outside it, including:

• 20 days paid holiday each year: in addition to public holidays, as well as 1 additional day of leave for every year you work at S-RM up to a maximum of 5 days.
• Flexible working: work a minimum of two days a week in the office and the remainder remotely, choose your hours between 7am and 7pm.
• Pension scheme: S-RM contributes to Employees Provident Fund (EPF) in accordance with legislative requirements.
• Life Insurance: help someone you love should something happen to you. (Further details coming soon.)
• Company-paid private medical and dental insurance. (Further details coming soon.)
• Company-paid maternity, paternity and fertility treatment leave.
• Employee Assistance Programme: free access to specialist support services, including counselling, as well as an online portal of useful articles, tips and tools. Available 24/7, 365 days a year.

The role will be based in our office in Kuala Lumpur. However, we have flexible working arrangements available.

ASSOCIATE, RESTORATION & RECOVERY TEAM

We are looking for talented consultants to join the Restoration & Recovery team within our growing Incident Response practice at an Associate level. These individuals will play a critical role in the continued success of our Cyber Security division. 

You will work across the full lifecycle of security incidents to help our clients respond and recover, including: 

• Overseeing restoration workstreams during Incident Response cases: you will be integral to supporting the Incident Response team to develop bespoke restoration strategies during live incidents, focusing on ensuring security and capability is maintained. 

• Delivering hands-on technical support to assist clients with restoration and recovery during cyber incidents. 

• Leading and developing relationships with supporting restoration partners: in some cases where we need to surge additional resources through our partners, you will need to be able to manage and direct them to achieve a positive resolution. 

• Developing plans, policies, and training: you will be part of a team designed to strengthen the Incident Response process regarding restoration, training the Incident Response team in this area to ensure effective collaboration during cases. 

• Developing and sharing domain expertise: we will support you in growing your cyber expertise, including sharing it with the wider team through internal initiatives and programs.  

• Participating in an on-call rotation to lead our US & APAC restoration and recovery capabilities, and provide 24 x 7 x 365 client incident coverage.

• On-site Restoration Support: in some cases, it may be beneficial to support clients locally at their data centres or office locations. You may be expected to attend their sites during the early stages of restoration to help support these efforts. The nature of this role means that some overnight and/or international travel is required.  

Other features of the role include: 

• Variety of casework: no day will be the same.  Our team responds to a huge variety of incidents for both public and corporate clients. 

• Developing an understanding of Incident Response: you will have opportunities to broaden your security awareness into the wider incident response process, learning how restoration fits into the bigger picture of a response. 

• Flexible working practices: responding to incidents can be intense, high-pressure work.  We are mindful of our team’s work/life balance and offer flexible working options to support your wellbeing. 

WHAT WE’RE LOOKING FOR 

We are looking for Associates with 3 years or more relevant experience in IT Engineering, System Administration, or Infrastructure and Networking. Candidates will also have a demonstrated track record of deploying their skills specifically in IR scenarios and have experience working on time-sensitive restoration projects for impacted clients. 

Candidates with the following qualifications and experience are likely to succeed as Consultants within our Restoration & Recovery team. That said, if you don’t think you meet all of the criteria below but still are interested in the job, please apply. Nobody checks every box—we’re looking for candidates that are particularly strong in a few areas and have some interest and capabilities in others. 

We nurture a culture of equality, diversity and inclusion and we are dedicated to developing a workforce that displays a variety of talents, experiences and perspectives. 

We’re looking for candidates with: 

• In-depth knowledge of virtualisation (VMware ESXi / Hyper-V especially) and Cloud-hosted (AWS / Azure / GCP) configuration and implementation 

• In-depth knowledge of Active Directory and Windows Domain functions, implementation, and configuration, including integrations with AzureAD functionality. 

• Demonstratable experience with networking, including configuration of VLAN’s on switches and general configuration and troubleshooting of firewalls. 

• Comprehensive understanding of standard backup solution practices, restoration of data and preparing systems for introduction into production environments. 

It would be advantageous for candidates to poses hands-on technical experience with the following: 

• Microsoft 365, including Exchange Online and Intune 

• Entra ID 

• Cisco networking and firewalls (such as Catalyst and Nexus, ASA and FTD) 

• Linux (such as Ubuntu, CentOS, Debian etc) 

• Virtual Desktop Infrastructure, such as Citrix XenDesktop, VMware Horizon, or Azure Virtual Desktop 

• Hybrid infrastructures, including environments that utilise a combination of on-premise, colo datacentres, cloud, and SaaS. 

Relevant industry certifications are not required for this role. However, holding any of the following is beneficial: 

• Microsoft role-based certifications to either Administrator, Network Engineer, Security Engineer, or Support Engineer level. 

• VMware VCP (Data Centre Virtualisation). 

• Networking Certifications such as CompTIA Network+, Cisco CCNA, or Aruba Certified Professional. 

 OUR BENEFITS

We offer thoughtful, balanced rewards and support to help our people do their best work and live their lives outside it, this includes but is not exhaustive of:  

• 25 days holiday per year in addition to bank holidays (+1 day for every day of service up to a maximum of 30 days); 

• Hybrid working and flexible working hours; 

• Matching pension contribution up to 7% (up to a maximum of 14% combined), and financial education; 

• Life Insurance 4X Annual salary. 

• Parental Support: 

• Fertility treatment leave – 5 days of leave per cycle of treatment per year; 

• Maternity leave – 26 weeks of full pay followed by 13 weeks of half pay; 

• Paternity leave – 6 weeks of full pay. 

• Various Health and Medical Benefits including:  

• Private dental and medical insurance (taxable benefit) for you and your family; 

• Virtual GP for you and your family members that live in the same household; 

• Various gym discounts for you and your partner; 

• EAP programme for you and your immediate family; 

• Free access to the world-famous mindfulness app Headspace. 

The role will be based in our London office. However, we have flexible working arrangements available. 

ASSOCIATE (FORENSICS LEAD), INCIDENT RESPONSE APAC

Who we are

S-RM is a global intelligence and cyber security consultancy. Since 2005, we’ve helped some of the most demanding clients in the world solve some of their toughest information security challenges.

We’ve been able to do this because of our outstanding people. We’re committed to developing sharp, curious, driven individuals who want to think critically, solve complex problems, and achieve success.

But we also know that work isn’t everything. It’s about the lives and careers it helps us build. We’re immensely proud of this culture and we invest in our people’s wellbeing, learning, and ideas every day.

We’re excited you’re thinking about joining us

The role

Our Incident Response Associates are a critical part of our Cyber Security division's success.

As a Forensics Lead on our Incident Response team, you will deploy your expertise in a delivery role across our various incident response services, with a particular focus on forensic investigations into complex cyber incidents.

You will work across the full lifecycle of security incidents to help our clients respond and recover, including:

• Supporting technical incident response from first contact through to closure: you will be a technical resource on response cases, deploying your own expertise, creating tailored strategies for response workstreams, and offering guidance to colleagues on your project team. You may also be supported by more senior technical team members where appropriate.

Overseeing host- and network-based incident response investigations: including triage, system recovery, technical evidence collection, and forensics, log, malware and root cause analyses..

• Developing and sharing domain expertise: we will support you in growing your cyber expertise, including sharing it with the wider team through internal initiatives and programs.
• Participating in an on-call rotation to provide 24x7x365 client incident coverage.

Other features of the role include:

• Variety of casework: no day will be the same. Our team responds to a huge variety of incidents for both public and corporate clients.
• Range of opportunities: you will have opportunities to broaden your security awareness into testing and advisory projects, in addition to deepening your incident response expertise.
• Flexible working practices: responding to incidents can be intense, high-pressure work. We are mindful of our team's work/life balance and offer flexible working options to support your wellbeing.

We're looking for:

• Direct experience working in an Incident Response or Digital Forensics team is strongly preferred, however, candidates with exposure to working with Incident Response teams, or those in roles reflecting aspects of Incident Response will be considered.
• A fundamental understanding of computer systems and networks, including:
  • Windows systems (e.g. Managing domains services, creating standard build templates, using SCCM, moderate PowerShell capabilities, etc.)
  • Networking (e.g. managing firewall rules, providing guidance around network segmentation, DNS, etc.)
  • Virtualisation technologies (e.g. ESXi, Hyper-V, etc.)
  • Endpoint Detection & Response solutions.
• The candidate must be able to demonstrate experience conducting forensic investigations, in particular relating to Windows systems. Additional experience conducting investigations into Linux and MacOS systems is preferred.
• Demonstrable understanding of core incident response workstreams, including containment and restoration/recovery is a benefit.
• A critical and investigative mindset. You should be comfortable solving problems with limited information and guidance, developing proportionate strategies to achieve timely outcomes.
• Clear demonstrable knowledge of cyber threat actors, and their tactics, techniques, and procedures.
• Strong communication skills. You should be comfortable speaking to people at all levels of an organization, from the board of directors to the technical teams.
• It is preferred, but not required, that candidates hold one of the following certifications (or equivalent) GCFE, GCFA, GCIH, GNFA. However, holding any of the following is beneficial: EnCE, CFSR, CISSP, GREM, CCNA, MCFE, OSCP, Network+ and Security+
• A working proficiency in another language (such as Malay, Tamil, Mandarin, Cantonese, Vietnamese) is also beneficial, although not required.

The successful candidate must have permission to work in Malaysia by the start of their employment.

OUR BENEFITS

We offer thoughtful, balanced rewards and support to help our people do their best work and live their lives outside it, including:

• 20 days paid holiday each year: in addition to public holidays, as well as 1 additional day of leave for every year you work at S-RM up to a maximum of 5 days.
• Flexible working: work a minimum of two days a week in the office and the remainder remotely, choose your hours between 7am and 7pm.
• Pension scheme: S-RM contributes to Employees Provident Fund (EPF) in accordance with legislative requirements.
• Life Insurance: help someone you love should something happen to you. 
• Company-paid private medical and dental insurance. 
• Company-paid maternity, paternity and fertility treatment leave.

Employee Assistance Programme: free access to specialist support services, including counselling, as well as an online portal of useful articles, tips and tools. Available 24/7, 365 days a yea

The role will be based in our office in Kuala Lumpur. However, we have flexible working arrangements available.