This role will lead the Security Response approach at our client's organization, focusing on the development of toolsets, processes, and capabilities to ensure the effective operation of our world-class Security Operations Centre.
PLEASE NOTE THIS ROLE REQUIRES SHIFT WORK
Responsibilities include managing security investigations initiated by our managed security services provider (SOC) or generated by our security tooling.
You will also play a crucial role in responding to significant incidents.
The primary focus of this role is to leverage our deployed technology and capabilities to enhance alerting, conduct security investigations, and collaborate with other teams and service providers to resolve incidents.
As part of the Cyber Security Team, you will contribute to the growth and improvement of our operational security capabilities.
There will be opportunities to work on new security projects and provide advisory support to other business units on best practices. Building strong relationships with key stakeholders in Risk, Technology, and Operations is essential, as you establish yourself as a subject matter expert in cyber security within the organization.
Key Responsibilities:
- Act as Lead Analyst and Incident Investigator, responsible for assessing and investigating threats escalated to the security team.
- Serve as the main point of contact for our Cybersecurity Lead, ensuring thorough investigation of raised security alerts.
- Manage variable shift patterns, including days, evenings, and nights.
- Identify security improvement opportunities and collaborate with infrastructure teams for effective implementation.
- Develop operational metrics and dashboard reports to assess the operational security posture.
- Support operational security projects and participate in Technical Design Forums and Change Control processes as needed.
- Evaluate and review products that enhance our security capabilities, including analysis tools, detection technologies, and emerging solutions.
- Contribute to SIEM use case development and optimization.
People Management Responsibilities:
- Provide guidance and mentorship to SOC analysts, including apprentices and cyber security analysts.
Skills and Experience:
- Strong communication and presentation skills to effectively convey technical information to a wide range of stakeholders, including reporting findings to senior leadership.
- Demonstrate the ability to work independently to achieve personal and team objectives, while effectively collaborating with relevant teams.
- Solid knowledge of networking principles, including LAN, TCP/IP, the OSI model, DNS, DHCP, Wi-Fi, routing, VPNs, firewalls, load balancing, and IPv4.
- Possess an understanding of key Windows domain services, such as Active Directory, Exchange, and Windows Server environments.
- Have experience in implementing security best practices for end user devices (workstations) and hardening servers.
- Familiarity with essential security technologies, such as IDS, web content filters, AV, SIEM, vulnerability management, and firewalls, and an understanding of their role in a layered (defence-in-depth) security approach.
- Demonstrate proficiency in cloud platforms, particularly Azure and AWS.
- Practical experience using Elasticsearch for data analysis.
- Possess knowledge and understanding of ITIL (Information Technology Infrastructure Library) practices.
- In-depth understanding of the MITRE ATT&CK framework.
- Have a minimum of 3 years of experience in security incident management.
Due to the nature of the role and the business, this role is onsite 5 days a week.
Benefits: bonus, car allowance and shift allowance.