Share this Job

Cyber Incident Response Analyst

Date: 19-Mar-2019

Location: Peterborough, United Kingdom

Company: Thomas Cook

Over 175 years ago, our founder Thomas Cook began this company with a vision to ‘broaden the mind of others and break down the partition walls of prejudice.'

Once describing himself as ‘the willing and devoted servant of the travelling public,’ Thomas Cook was a true pioneer of the travel industry, opening up a world of new destinations and new travel experiences to everyone. By obtaining the best services and prices for his customers, he laid the foundations of the company that still bears his name today.

Thomas Cook is now one of the world’s leading leisure travel groups, supported by around 22,000 colleagues and operating from 15 countries.

Our vision today remains true to Thomas Cook’s ambitions - to be the world’s most loved holiday company.

Job Purpose

This role is within our CSIRT team and looking into day to day cyber incidents raised by our colleagues across TCG. The role required a solid analytical skills and ability to correlate various event and evidence to make a proper judgment call. Often to achieve our goal we most get involve and perform various technical tasks, or built the toolset to carry on with our investigation or BAU task.  This role is a very interesting and exciting role within cybersecurity, and there are plenty of rooms for self-development and improvement both for individual and the team.


Key accountabilities and decision ownership:

•    Perform analytics using the Lockheed Martin cyber kill chain/diamond model, understanding the current status of DAN and perform remediation work to improve the Thomas Cook networks

•    Perform cybersecurity incident investigations that involve cybercrimes and require log, forensic and malware analysis

•    Collect and analyse SIEM, IDS/IPS, Proxy, AV, firewall logs, network traffic logs, and host system logs to provide maximum benefit and reduce overall cyber risk

•    Responsible for providing input and liaising with stakeholders to determine impacts, workarounds, analytical analyses performed and provided recommendations both in written and oral.

•    Perform forensic analyses to identify anomalies and presence of any malware, malware capabilities/actions and what actions the malware took

•    Conduct security investigations in Linux and Windows environments

•    Support enhancement, improvement, and delivery of monitoring and response methods, procedures and processes to reduce risk

•    Track cyber threat actors/campaigns based on technical analysis and open source intelligence.


Skills, know-how, and experience:

Must have:

•    Previous experience within a cybersecurity incident response team /Blue Teaming

•    Demonstrates a good knowledge and understanding of cyber security attack techniques and threats, with a strong technical background

•    Knowledge of current forensic and IR tools, techniques and procedures

•    Strong knowledge of Windows operating system including the kernel, registry, file system, windows APIs and windows IPC mechanisms

•    Understanding of Linux operating system and associated file systems

•    Scripting/programming experience (Python, PowerShell, JavaScript VBA)

•    Proficient in log analysis of multiple types and ability to correlate events from various sources to create a timeline analysis across endpoints of an incident

•    The ability to pro-actively identify cross-functional threats

•    Strong analytical skills, capable of analysing complex technical information to determine patterns, trends, and linkage.

•    Excellent written and verbal skills, with the ability to translate complex concepts into easily understood principals.

•    Exceptional organisational skills, to include detailed note taking abilities



•    Experience working with Enterprise networks

•    Memory analysis skills

•    Ability to analyse complex network packet captures

•    Dynamic  and astatic malware analysis and sandboxing


Technical / professional qualifications:

•    GCIH  or equivalent

•    CCNP Security

•    GCFA

•    GNFA


Life at Thomas Cook is fast-paced and full of opportunities. We’re a leading international travel company that believes in empowering our people, so when you join us, you’ll be given the chance to create, learn and innovate. You’ll also be given the support and training you need to develop your career in the direction you choose.

As you might expect, our holiday benefits are something special. We’ll give you an allowance towards your holiday every year, depending on how long you’ve been with us.  There are also special last minute employee deals, which give you the opportunity to pick up a holiday at an outstanding price. Working for Thomas Cook, you can travel the world for less.

We also offer a flexible benefits package that gives you a range of options to ensure your benefits match your lifestyle.

Find similar jobs: