IR Practitioner, Cyber Security Training

🕒 April 14

Apply Now
Find Similar Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Logo of TryHackMe

TryHackMe

51 - 200 employees

Founded 2018

🔒 Cybersecurity

📚 Education

☁️ SaaS

Cybersecurity • Education • SaaS

TryHackMe is an online learning platform that makes learning and teaching cybersecurity accessible and practical through prebuilt courses, cloud-hosted virtual machines (VMs), and hands-on labs designed for CTFs, workshops, assessments, and training. Launched in 2018, the platform emphasizes practical, deployable environments so users can avoid local VM configuration, and it serves millions of learners while supporting both individual and organizational training needs.

📋 Description

• Research, design, and develop defensive cyber security training material with supporting hands-on lab exercises (such as virtual machines and datasets for analysis). • Draw on your real world IR experience to build realistic, scenario driven labs that reflect how attacks actually unfold in enterprise Windows environments. • Develop and configure virtual machines and sample datasets for realistic cybersecurity labs. • Collaborate closely with your team by sharing expertise, reviewing each other's work, and raising the quality bar collectively. • Take charge of planning and designing portions of the content development roadmap. • Collaborate with the Head of Content Engineering to continuously improve the content development process. • Analyse industry trends in tooling and techniques and recreate them as teachable content. • Strategically plan, review, and schedule content with our blue team content engineering team

🎯 Requirements

• Significant hands on relevant cyber security industry experience in roles such as Incident Responder, Threat Hunter, Digital Forensics Investigator or L3 SOC Analyst. • Proven, hands-on experience responding to real incidents in Windows environments. • Triaging compromised endpoints, analysing forensic artefacts, and reconstructing attacker timelines from initial access through to impact. • Solid grounding in Windows forensics and artefact analysis - event logs, registry hives, NTFS artefacts, and memory/disk forensics - with the ability to extract attacker activity from both live systems and forensic images. • Working knowledge of offensive techniques used against Windows and Active Directory environments, including credential dumping, privilege escalation, Kerberos-based attacks, and lateral movement, and critically, how to detect them in forensic artefacts, contain them during live response, and prevent recurrence. • Hands-on familiarity with attacker tooling and tradecraft - fileless execution, living-off-the-land techniques (LOLBins), common exfiltration methods, and ransomware deployment patterns - including the TTPs of active APT groups and ransomware-as-a-service operators. • Experience with DFIR collection tooling such as EZ Toolset, Velociraptor, KAPE, or equivalent with an understanding of how to conduct IR at scale across enterprise environments. • Strong verbal and written English communication skills.

🏖️ Benefits

• 100% Remote - In a fully digital world, work from anywhere you want! • Flexi Time - Choose your own hours as long as you have at least 4 hours of overlap with the UK timezone (from 8am - 6pm) • Tools - a dedicated work laptop + any accessories you need to do your best work. • Swag Pack - start your TryHackMe journey with a branded swag bundle! • Personal Development - £2,500 training budget to acquire certifications, and more. • Company Retreat - a n annual company retreat, fully paid for by us! • Lunch on us - whether you're a pizza-lover, salad obsessed or a big sushi fan, TryHackMe will cover the cost of your lunch order during our recurring company virtual lunches. • Health Insurance - if you're in a country that doesn't have public health care. • Enhanced Maternity & Paternity- an enhanced package on top of statutory requirements. • 401k / Pension - TryHackMe makes it easy to save money for your retirement.

Apply Now

Similar Jobs

🕒 April 14

Saviynt

501 - 1000

☁️ SaaS

🔒 Cybersecurity

🏢 Enterprise

Technical Account Manager at Saviynt focusing on identity security solutions and client partnerships. Overseeing technical delivery and ensuring customer success in managing identity governance.

🕒 April 14

Olo

501 - 1000

☁️ SaaS

🛍️ eCommerce

🤝 B2B

Senior Security Engineer at Olo reducing risks and safeguarding data in leading restaurant tech SaaS. Mentoring engineers and executing cross-functional projects with high ownership.

🕒 April 7

Breathe

51 - 200

Business Development Manager leading fire and security service contracts across the UK. Focusing on new customer acquisition and strategic growth with a supportive team.

🕒 April 1

Breathe

51 - 200

Install and commission integrated electronic security systems for a leading Fire & Security company. Manage system handover and customer training while ensuring high standards of project delivery.