At Quorum Cyber, we're on a mission to help good people win. Founded in Edinburgh in 2016, we're one of the fastest growing cyber security companies in the UK and North America, serving over 400 customers on four continents.
We protect organisations against the rising threat of cyber-attacks, enabling them to thrive in an increasingly unpredictable and inhospitable digital landscape.
As a Microsoft-only security house, a Microsoft Solutions Partner for Security, a member of the Microsoft Intelligent Security Association (MISA), and winner of the Microsoft Security MSSP of the Year 2025 award, we offer a unified security ecosystem comprised of innovative services, all delivered through our customer platform, Clarity.
In September 2024, Quorum Cyber acquired Difenda, a Canada-based Microsoft Solutions Partner for Security. This was closely followed in December 2024 by the acquisition of US-based Kivu Consulting, a global cyber security firm with world-leading incident response capabilities.
To lead and conduct complex cyber security incident investigations, providing expert technical analysis, guidance, and strategic advice to customers. This role combines advanced digital forensics, threat analysis, and incident response leadership with consulting, mentoring, and readiness activities that strengthen customer resilience and support Quorum Cyber's mission to protect organisations from harm.
Incident Investigation & Analysis
- Lead investigations into complex incidents and threats across diverse technologies and environments. This involves working outside of core hours as required.
- Perform advanced host, network, and memory forensics, including Windows, Linux, macOS, and multi-cloud artefact analysis.
- Identify threat actor tools, tactics, and procedures (TTPs).
- Analyse logs, network traffic, disk images, and volatile artefacts to determine attacker intent, actions, timelines, and impact.
- Ensure evidence collection and handling follow best practice, including documentation and chain-of-custody standards.
- Maintain deep situational awareness of emerging threats, malware families, and evolving threat actor behaviours.
- Interact with customer stakeholders, legal teams, technical staff, and executive leadership during incidents.
- Improve internal and customer incident detection, escalation, containment, and response processes.
- Collaborate with the Threat Intelligence team to integrate findings and enrich intelligence outputs.
Consulting, Advisory & Customer Engagement
- Communicate investigative findings, recommendations, and strategic guidance clearly to technical and non-technical audiences.
- Provide consultative advice that links threats to business risks, helping customers make informed risk-management decisions.
- Assist internal and external teams with technical and privacy/security risk mitigation activities.
- Deliver Incident Response Readiness Assessments of customer IR plans, playbooks, and response capability.
- Provide executive and board-level training on cyber security and incident response.
- Facilitate cyber incident tabletop exercises to help customers test and improve their readiness.
Other
- Mentor junior IR team members, providing coaching, technical guidance, and quality assurance.
Technical Skills
- Advanced forensic analysis across Windows, Linux, macOS, and cloud platforms.
- Memory forensics analysis.
- Network traffic and log analysis, including firewall, endpoint, web, authentication, and cloud telemetry.
- Deep understanding of enterprise security controls (e.g., Active Directory, identity systems, network architectures).
- Proficiency with EDR and SIEM platforms for investigation and threat hunting.
- Experience with Microsoft-aligned security stacks.
- Ability to identify attacker behaviour patterns, extract IOCs, and map findings to threat actor TTPs.
- Experience handling and preserving digital evidence to defensible standards, including chain of custody.
- Experience building scripts, playbooks, or tooling that automate or enhance investigation workflows.
Soft Skills / Behaviours
- Strong written and verbal communication, able to convey complex findings with clarity.
- Customer-centric mindset with an ability to build and maintain strong relationships.
- Ability to think clearly and make sound decisions under pressure.
- Analytical and detail-focused, with a curious and investigative mindset.
- Effective collaboration across teams and disciplines.
- Ability to mentor, influence, and support the development of junior colleagues.
- I lead incident investigations that reach timely, effective, and well-evidenced resolutions.
- Customers express trust and satisfaction following incident handling, reporting, and debrief sessions.
- I deliver impactful readiness assessments, training sessions, and cyber exercises that improve customer resilience.
- I mentor junior team members and help raise the capability of the entire IR function.
- I actively improve methodologies, tooling, and processes that elevate Quorum Cyber's overall IR maturity.
You will get an excellent salary, with world-class benefits.
As a leading-edge technology company, we will give you access to the latest technology and an environment that will encourage and nurture your curiosity. We are passionate about your development, and you will be empowered to advance your skills and expertise.
"Our diversity is a huge part of our success, and collecting data during the hiring process helps us understand how to keep strengthening and supporting that diversity."
We are an equal opportunity employer. We are committed to fostering an inclusive, accessible, and equitable workplace where all qualified applicants receive fair consideration. We do not discriminate on the basis of race, national or ethnic origin, colour, religion, age, sex, sexual orientation, gender identity or expression, marital status, family status, disability, or any other characteristic protected under applicable federal, provincial, or territorial human rights legislation.
The information requested below is collected to help us meet our employment equity and reporting obligations, and to support our ongoing diversity and inclusion initiatives. Providing this information is entirely voluntary. It will not be shared with hiring managers and will not be used in any hiring decision. Declining to provide this information will not affect your application in any way.