TryHackMe

IR Practitioner, Cyber Security Training

full-time

Location Type: Remote

Location: United Kingdom

About the role

  • Research, design, and develop defensive cyber security training material with supporting hands-on lab exercises (such as virtual machines and datasets for analysis).
  • Draw on your real-world IR experience to build realistic, scenario-driven labs that reflect how attacks actually unfold in enterprise Windows environments.
  • Develop and configure virtual machines and sample datasets for realistic cybersecurity labs.
  • Collaborate closely with your team by sharing expertise, reviewing each other's work, and raising the quality bar collectively.
  • Take charge of planning and designing portions of the content development roadmap.
  • Collaborate with the Head of Content Engineering to continuously improve the content development process.
  • Analyse industry trends in tooling and techniques and recreate them as teachable content.
  • Strategically plan, review, and schedule content with our blue team content engineering team.

Requirements

  • Significant hands-on, relevant cyber security industry experience in roles such as Incident Responder, Threat Hunter, Digital Forensics Investigator or L3 SOC Analyst.
  • Proven, hands-on experience responding to real incidents in Windows environments.
  • Triaging compromised endpoints, analysing forensic artefacts, and reconstructing attacker timelines from initial access through to impact.
  • Solid grounding in Windows forensics and artefact analysis - event logs, registry hives, NTFS artefacts, and memory/disk forensics - with the ability to extract attacker activity from both live systems and forensic images.
  • Working knowledge of offensive techniques used against Windows and Active Directory environments, including credential dumping, privilege escalation, Kerberos-based attacks, and lateral movement, and critically, how to detect them in forensic artefacts, contain them during live response, and prevent recurrence.
  • Hands-on familiarity with attacker tooling and tradecraft - fileless execution, living-off-the-land techniques (LOLBins), common exfiltration methods, and ransomware deployment patterns - including the TTPs of active APT groups and ransomware-as-a-service operators.
  • Experience with DFIR collection tooling such as EZ Toolset, Velociraptor, KAPE, or equivalent with an understanding of how to conduct IR at scale across enterprise environments.
  • Strong verbal and written English communication skills.

Benefits

  • 100% Remote - In a fully digital world, work from anywhere you want!
  • Flexi Time - Choose your own hours as long as you have at least 4 hours of overlap with the UK timezone (from 8am - 6pm)
  • Tools - a dedicated work laptop + any accessories you need to do your best work.
  • Swag Pack - start your TryHackMe journey with a branded swag bundle!
  • Personal Development - £2,500 training budget to acquire certifications, and more.
  • Company Retreat - an annual company retreat, fully paid for by us!
  • Lunch on us - whether you're a pizza-lover, salad obsessed or a big sushi fan, TryHackMe will cover the cost of your lunch order during our recurring company virtual lunches.
  • Health Insurance - if you're in a country that doesn't have public health care.
  • Enhanced Maternity & Paternity - an enhanced package on top of statutory requirements.
  • 401k / Pension - TryHackMe makes it easy to save money for your retirement.