Willis Towers Watson Incident Response Specialist in London, United Kingdom

Incident Response Specialist

Date Posted: April 18, 2018


Not ready to apply? See https://willistowerswatson.avature.net/WTWTalentNetwork



The Senior Incident Response Analyst will lead the investigations of escalated security incidents based on the tiered Incident Response approach. The primary purpose of this position is to serve as an expert in providing technical analysis, assessment and mitigation recommendations for escalated security incidents where deep technical knowledge is required.

The Role

Key deliverables but not limited to:

  • Ensure timely response to any cyber incident to minimise risk exposure and production down time

  • Conduct incident response activities, including advanced investigation (forensic analysis to include evidence seizure and malware analysis) to investigate potential security incidents

  • Safely acquire and preserve the integrity of cyber security data required for incident analysis to help determine the technical/operational impact, root cause(s), scope and nature of the incident

  • Analyse and correlate incident data to develop a preliminary root cause and corresponding remediation strategy

  • Evaluate target systems to analyse results of scans, identify and recommend resolutions

  • Utilise incident response playbooks to follow established and repeatable processes for triaging and containment of an incident

  • Provide timely, comprehensive and accurate information to the CSIRT Manager in both written and verbal communications

  • Advise junior CSIRT team members on the technical steps to take to investigate and resolve cyber security incidents

  • Routinely develop and update incident response playbooks to ensure response activities align with best practices, minimise gaps in response and provide comprehensive mitigation of threats

  • Resolve security incidents in a large environment in accordance with NIST 800-61

  • Work with resolver groups to ensure appropriate communication, coordination and closure of incident and problem records

Key relationships

  • Chief Information Security Officer

  • Global Head of IT Infrastructure & Operations

  • Director of Cyber Security

  • Incident Readiness & Response Manager

  • Legal Counsel

  • Compliance

The Requirements

Skills and experience required:

  • Knowledge of the Computer Security Incident Handling Guide, NIST 800-61 r2

  • Professional certifications commensurate with experience, i.e. GCFA, GCIH, etc.

  • Hands-on experience with scripting languages such as Python, Perl, Bash, PowerShell or similar

  • Knowledge of privilege escalation, persistence and lateral movement techniques

  • Knowledge of common malware and exploit tools and techniques

  • Experience working with a high degree of autonomy, managing own workload and delivering to tight timescales

  • Sound experience with chain of custody, forensic tools and methodologies

  • Knowledge of Cloud security and incident response in a Cloud environment

  • Understanding of the Kill Chain and Diamond Method of Analysis

  • Ability to communicate technical details in writing and verbally to non-technical and junior CSIRT team members

  • Experience in developing and maintaining Play Books

  • Strong critical thinking and analytical problem-solving skills

  • Work and communicate within a global team environment


  • Experience in the Cybersecurity field

  • Skilled in Information Technology, with experience of the Windows OS platform

  • Level 2 (or above) as Cyber Security Incident Response Analyst performing incident handling, forensics, sensor alert tracking and cybersecurity incident case management

  • Skilled in working with security technologies such as IDS/IPS, firewalls, SIEM, network packet analysers, antivirus, Network Behavior Analysis tools, malware analysis, DLP, endpoint protection, log collection and analysis

  • Strong working knowledge of security relevant data, including network protocols, ports and common services such as TCP/IP protocols and application layer protocols (e.g., HTTP/S, DNS, FTP, SMTP, etc.)

The Company

Willis Towers Watson is a leading global advisory, broking and solutions company that helps clients around the world turn risk into a path for growth. With roots dating to 1828, Willis Towers Watson has 40,000 employees serving more than 140 countries. We design and deliver solutions that manage risk, optimize benefits, cultivate talent, and expand the power of capital to protect and strengthen institutions and individuals. Our unique perspective allows us to see the critical intersections between talent, assets and ideas – the dynamic formula that drives business performance. Together, we unlock potential. Learn more at willistowerswatson.com.

Willis Towers Watson is an equal opportunity employer

Willis Towers Watson believes that effectively managing a diverse workforce is vital to our business strategy. We have an obligation to our organization, ourselves and our clients to hire and develop the best people we can find. We will continually review our policies and practices to ensure that all areas of the employment process (including recruiting, hiring, work assignments, compensation, benefits, promotions, transfers, company-sponsored development programs and overall workplace experience) are free from discriminatory practices. We are committed to equal employment opportunities at Willis Towers Watson.

Unsolicited Contact: Any unsolicited resumes/candidate profiles submitted through our web site or to personal e-mail accounts of employees of Willis Towers Watson are considered property of Willis Towers Watson and are not subject to payment of agency fees. In order to be an authorized Recruitment Agency/Search Firm for Willis Towers Watson, any such agency must have an existing formal written agreement signed by an authorized Willis Towers Watson recruiter and an active working relationship with the organization. Resumes must be submitted according to our candidate submission process, which includes being actively engaged on the particular search. Likewise, for our authorized Recruitment Agencies/Search Firms, if the candidate submission process is not followed, no agency fees will be paid by Willis Towers Watson. Willis Towers Watson is an equal opportunity employer.




  • Location: London, England, GB; Ipswich, England; Reigate, England
