Managing Consultant - Digital Forensics and Incident Response

Security Services London, United Kingdom


Position at Trustwave

About Trustwave

Trustwave is a leading cybersecurity and managed security services provider focused on threat detection and response. We uncover threats that others can’t and respond quicker than others can to protect against the devastating impacts of cyberattacks. We’re a world-class team of cyber consultants, threat hunters and researchers serving clients in 96 countries. At Trustwave, you can learn alongside the best, make a personal impact on a global scale, and solve new challenges every day. Learn more about us at

The Team:
SpiderLabs is Trustwave’s elite security team focused on digital forensics, incident response, penetration testing, application security and threat intelligence.

The role:
This position is a leadership role for our EMEA Response team. Your primary role will be leading a team helping customers prepare for and respond to computer security breaches,  and will need to be prepared to work with both small and large organizations of varying levels of technical maturity. The team’s work is a mix of onsite breach investigations, remote analysis, running table top exercises and attack simulations, testing detection and response tools and implementations, and assisting in the writing of Incident Response Plans. You will also be required to qualify as a PCI Forensic Investigator.

Your skills and expertise:
The ideal applicant will:

  • Have several years’ experience in digital forensics and/or incident response
  • Be happy to work independently, and get engaged in online chats with a globally distributed team
  • Have experience with investigating compromises involving large enterprise environments, web applications and credit card processing environments
  • Have experience with forensic tools – you’ll have access to Encase, W-ways, Axiom, Carbon Black and Cyber Reason, along with whatever open source tools you prefer and other commercial tools you can convince us to buy
  • Be a fast and lifelong learner
  • Be comfortable chasing malware through systems and familiar with persistence mechanisms, injection methods and detection/evasion techniques.
  • Have the ability to lead teams of both direct as well as indirect reports and the ability to foster and develop strong client relationships.

Knowledge of key forensic artifacts in both Windows and *Nix systems. Be able to articulate their significance to an investigation.

  • Experience in payment card forensics (under the PCI PFI program) desirable.
  • Experience with scripting in Perl/Python/Ruby very desirable.
  • Experience with both desktop-based and server-based forensics.
  • Comfortable working in a *nix environment.

Bonus experience

  • Contributions to the DFIR community, Blog, twitter, git repos.
  • Conference presentations (but paid marketing events don’t count).
  • Penetration testing experience.
  • Knowledge of and demonstrable experience with a wide range of different attack tools.
  • Application testing skills.
  • Reverse engineering skills.

 Other Requirements

  • Demonstrated leadership experience
  • Strong report writing skills (yes this is the third time we have mentioned it)
  • Strong communications skills
  • Ability to travel approx. 25%
  • Ability to identify potential new business opportunities within the client base
  • A high school diploma or equivalent is required; a college or university degree is a plus.

Why join us?

Trustwave is an Equal Opportunity Employer committed to providing a working environment that embraces and values diversity and inclusion. When you join Trustwave, you join a unique global family with more than 20 years of history focused on helping you shape and grow your career. We have an entrepreneurial spirit and industry vision that has helped assure our products and services are always on the very forefront of technological development. When you ride the wave, you’ll work with a group of people who share common goals, are driven by a similar passion, and value the expertise of their peers. Interested in joining our team? Apply online now.  We look forward to talking to you.

This is a remote opportunity open to anyone legally authorized to work in the UK. Guided by our flexible workplace philosophy, Moments That Matter, people gather in the office when in-person interaction is most impactful; full-time remote employees may be asked to travel occasionally based on the needs of the team and the business.

To All Agencies:

Please, no phone calls or emails to any employee of Trustwave outside of the Talent Acquisition team. Trustwave’s policy is to only accept resumes from agencies via the Trustwave Agency Portal. Agencies must have a valid fee agreement in place and they must have been assigned the specific requisition to which they submit resumes, by the Talent Acquisition team. Any resume submitted outside of this process will be deemed the sole property of Trustwave and in the event a candidate is submitted outside of this policy is hired, no fee or payment of any kind will be paid.