Contract Type: Permanent
Location: Berkshire, England
Salary: Negotiable
Start Date: ASAP
REF: SM-CSIR/BERK/ROB_1557334204
Contact Name: Robert Hudson
Contact Email:
Job Published: about 1 year ago

Job Description

Senior Manager - Cyber Security Incident Response

Working for a major IT / telecoms company, we have an opportunity to lead their cyber security incident response and resolution team. Along with cyber security incident management, this role will also be responsible for bringing in and implementing new methodologies for incident detection and network defence, taking the global security operations centre to the next level of cyber defence.

Global Security Operations are responsible for monitoring security and managing security incidents across the group function. The GSOC minimises risk exposure by detecting threats to its infrastructure and resolving cyber security incidents.

What will you be doing?

- Leading in cyber security incident resolution, taking an incident through the full life cycle

- Writing complex reports around security incidents and presenting outcome and learnings to management

- Leading the threat hunting and attack path mapping programs

- Stakeholder management and business influencing skills to ensure incident objectives are met

- Managing and developing a small team of capable security professionals

- Being able to understand complex IT environments, with a broad range of knowledge around networking, system administration and database platforms, and developing defensive methodologies around likely methods of attack.

- A self-starter is required for this role and the successful applicant will be able to demonstrate taking ownership of and responsibility for resolving issues.

- The role will be predominantly Mon-Fri office hours, although some out of hours support is envisaged.

- Closely working with the analyst team within the GSOC

Are you right for the role?

The successful candidate will have the following experience:

- Incident report writing

- Excellent written and verbal communication skills

- Proven people management and team development

- In depth knowledge of technical security systems, security architecture, security technology, and associated penetration testing and Security Event Management methodologies.

- Identification of malware types, infection methods, provenance and objective of the malware. This will also require extraction of IoCs and TTPs

- Experience of other security technologies & defences such as firewalls, Snort, Bro, Intrusion Detection System (IDS) monitoring and custom rule creation (YARA), TCP/IP networking, Wireshark, tcpdump, NetFlow analysis.

- Sandboxing technologies such as Cuckoo, and malware reverse engineering, e.g. IDA Pro, OllyDbg (both static and dynamic analysis required), and a good understanding of REMnux

- In depth understanding of IT systems and technologies (e.g. Linux and Windows operating systems, E-Mail, Proxies, Endpoint Protection).

- In depth knowledge of cyber security methodologies including the Cyber Kill Chain, the MITRE ATT&CK framework and NIST

- Knowledge of SIEM products (e.g. ArcSight, Nitro, QRadar, Splunk)

- Understanding of DFIR toolsets (e.g. Volatility, SIFT Workstation), memory and file system analysis, and attack vectors.

- Knowledge of Data Protection (GDPR) and its role within a business.

- Ability to identify developing patterns and trends in data.

- Must have the ability to work independently and take initiative.

- Must have previously worked in a Cyber Security Incident Response role

Desirable experience:

- Experience of general IT Audit processes and conducting risk assessments.

- Experience of security operations activities to support PCI DSS / SOX and internal and external audits against ISO 27001/27002 relating to security operations.

- Experience of configuring and working with SIEM systems / other security toolsets, and freeform investigations in these systems.

- Knowledge of Web Applications.

- Global Information Assurance Certifications (GIAC) e.g. Certified Incident Handler (GCIH), Certified Intrusion Analyst (GCIA), Reverse Engineering Malware (GREM) would be an advantage.

- Must have or be able to attain and maintain NPPV SC Clearance.

- Ideally educated to degree level or holding a professional qualification e.g. CISSP, CISA.

Project People is acting as an Employment Agency in relation to this vacancy.