
Incident Response Security Architect Consultant

Remote - United Kingdom (London-Thames Valley), Remote - Germany (All Other)

Job ID R042186 Date posted Oct. 29, 2019

Incident Response Security Architect Consultant - Secureworks

IR Consulting Group

The Incident Response Security Architect will be responsible for communicating, planning, and directing clients in preparation and response to major incidents affecting core infrastructure like Active Directory and Remote Access (VPN, RDP, MFA). As the Service Technical SME, expanded responsibilities include presentations and supporting other teams like Red Team, Pentest Team, GRC, Countermeasures, Threat Hunting, Reverse Engineering, and SOC Operations.

Role Responsibilities:

Proactive Services regarding core security infrastructure:

  • Work with clients to audit existing security controls, practices, and ability to gather relevant telemetry
  • Be a key stakeholder in developing delivery processes for client facing runbooks
  • Provide SME input to SCWX counter measures and malware analysis teams
  • Mentor/Train teams and help keep them updated with changes, regarding analysis

Reactive Services regarding core security infrastructure:

  • Supervise and coordinate with multiple teams, including client and other external entities, participate in various workstreams (such as AD Review or MFA implementation team)
  • Guide cybersecurity incident response monitoring and auditing activities for client engagements. Develop detailed tasks for clients to execute during a cybersecurity incident, such as:
    • Scripts to enhance and enforce security of AD environment
    • Enterprise wide credential reset, including Unix environments
    • Monitoring tasks
    • Auditing tasks
  • Develop architectural recommendations and advice during a cybersecurity incident, such as:
    • Implementation of MFA
    • Modification of Remote Access processes
    • Gathering, recording and retaining telemetry (logging)


  • Understanding and demonstrated experience with incident management (IR/CSIRT/CERT) and/or SOC
  • Security control experience around remote access, multi factor authentication (MFA) and Active Directory:
    • Understanding and demonstrated experience in managing security controls, whether through administration, deployment or consultancy
    • Knowledge of common attacks on the security controls
  • Proven experience in both offensive and defensive security operation disciplines
  • End-to-end incident investigation and triage
  • More than one of the following information security-related qualifications: CFCE, GCFA, GNFA, GCIH, GCFE, GREM, OSCP, CISSP or demonstrable equivalent experience and capability to obtain certifications listed above
  • Ability to work independently; be a self-starter and highly motivated
  • Demonstrated ability to work with large enterprises, interfacing with management and technical personnel
  • Previous experience in conducting information security compromise assessments
  • Previous experience in building and delivering technical training
  • Flexibility and ability to travel throughout EMEA, and support large global engagements
  • Understanding of at least one framework: ISO 27001/2, FISMA, PCI, HITRUST, NIST 800-series, CoBIT, etc
  • Willingness to travel up to 20%, including at short notice


  • Undergraduate and Graduate degree in Computer Science or directly related, i.e. Computer Forensics
  • Project management experience working with multiple teams, to include negotiating timelines and project requirements
  • Excellent verbal and written communication skills
  • Proficient in bash and PowerShell scripting
  • Implementation of security best practices technologies, including features in Windows 10
  • Prior experience as systems administrator in an enterprise environment
  • Implementation of multifactor authentication in enterprise environment


Candidates should ideally be based in the UK, but we're open to other locations within the EU.

Life at Secureworks means collaborating with dedicated professionals with a passion for technology. When we see something that could be improved, we get to work inventing the solution. Our people demonstrate our winning culture through positive and meaningful relationships. We invest in our people and offer a series of programs that enable them to pursue a career that fulfils their potential. Our team members' health and wellness are our priority, as is rewarding them for their hard work.

As a leading technology employer, we actively encourage further development for our employees. This is done through our range of internal training programmes, our training affiliation with SANS GIAC and various vendors, encouragement for the team to attend technology conferences, and even our regular company hackathons.

Secureworks, a Dell Technologies company, is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at Secureworks are based on business needs, job requirements and individual qualifications, without regard to race, colour, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. Secureworks will not tolerate discrimination or harassment based on any of these characteristics. 
