Role: CERT Consultant / Cyber Security Consultant
Location: Reading (Hybrid)
*This role is responsible for providing subject matter expertise and guidance to Security professionals and Partners that own the day to day safeguarding of customer information and physical assets of the company
* Provide oversight and governance of our Security Operations Centre (SOC) to assure operational effectiveness to identify and detect security threats, coordinating an effective rapid response and recovery.
* Responsible for Vulnerability / Threat Management and Security Critical Incident Response
* Establish, monitor, evaluate and report in a professional manner; clearly highlighting the current state of Security Operations and any associated risks
* Responsible for the tactical management of cyber security incidents; the direction of response activities (in accordance with NIST SP800 60 R2); including the supervision of Cyber Security Analysts.
* Provide support in proactive and effective oversight (and where appropriate challenge) of the technology and security risk management frameworks, methodologies, processes, assurance, remediation and reporting activities across the company.
* Effective governance of external partners and internal teams to deliver and assure Security Operations services to the business
* Effective governance of the Vulnerability Management programme
* Effective governance of Threat Management and Security Incident Response capabilities
* Lead appropriate and focussed Cyber Threat Intelligence (CTI) services
* Lead and assure effective intelligence led Threat Hunting capability
* Lead and assure effective cyber threat detection capability
* Develop and contribute to documentation required by Security Operations functions and capabilities
* Support the Security Operation Lead in technical and strategical decision making
* Must have at least 5 years' experience working in cyber security operations.
* Must have practical experience of working in a security incident response team and leading the technical response to cyber security incidents and be able to act as the incident manager.
* Must have experience working with cyber security tools and technologies including endpoint security, email security, network security tools, SIEM and SOAR etc, and be able to optimise such tools.
* Must have a have experience in Vulnerability / Threat management including threat intelligence and threat hunting.
* Must have good written and oral communication skills, including incident reporting and stakeholder management.
* Must have experience in creating and documenting processes (processes, procedures, playbooks etc).
* Must have experience working at pace within a complex operational environment / large enterprise network.
* Must have the ability to develop use cases / detections based on frameworks such as MITRE ATT&CK.
* Responsible for mentoring cyber security analysts to develop, improve skills and knowledge.
* Security related certifications are desirable, particularly blue team certs such as SANS / GIAC.
* Understanding of cyber security standards and frameworks (ISO27001, NIST, SANS, OWASP etc).
* Scripting knowledge would be an advantage including PowerShell, Python, and Bash etc.
* Up-to-date knowledge of current exploits, vulnerabilities, threats, and security analysis techniques.
* Knowledge of TCP/IP, network protocols, OSI model, routing and switching and packet analysis tools.
* Experience of conducting deep level investigation and analysis, such as malware reverse engineering, using different toolsets is desirable.
* Understanding of various operating systems, including Windows and Unix.
* Knowledge of penetration testing processes and techniques is desirable.
* Working knowledge of one or more SIEM solutions.
If this looks interesting click on APPLY!
Project People is acting as an Employment Agency in relation to this vacancy.