Cyber Security Incident Response Lead Location
: London or NottinghamPosition
: Full-time; Permanent
Our team have been well utilised during the pandemic due to a combination of new enterprise and FTSE listed customers, and increased activity right across the cyber security arena. In addition to ongoing hiring in Engineering, the SOC, R&D, Sales and other areas, we are now looking for an experienced Cyber Security Incident Response Lead.
This Incident Response Lead role will act as a subject matter expert and lead the Incident Response capability for the Security Operation Centre. They will help identify, implement, and document appropriate methodologies and provide instruction to the SOC team in delivering these areas to customers.Duties and Responsibilities
- Assist the SOC Manager in providing Day to Day management of SOC Analysts and associated activity, with emphasis on the incident response activity.
- Assist the SOC Manager in maturing Incident Response methodologies.
- Working with the SOC analysts to carry out in-depth investigation on Security events, raise incidents and support the Incident Management process.
- Support SOC Analysts in delivering real time proactive monitoring and response.
- Provide targeted threat intelligence analysis to better target threat hunting activity.
- Provide remote incident response activities and advice, to support customers during and immediately after security incidents.
- Produce and maintain operational processes and procedures.
- Create and maintain SIEM correlation rules, signature creation for supported NIDS/NIPS and Endpoint Protection products from the analysis of malware samples & output of incident investigations.
- Supporting multiple customer environments concurrently.
- Provide analysis and trending of security log data and network traffic from a large number of monitoring points.
- Support Playbook development and automation activities.
- Other duties as assigned.
- Has a passion for security and enjoys solving problems.
- Good knowledge of Cyber Security Incident Response processes & procedures.
- Excellent knowledge on the fundamentals of Windows and Unix systems including MacOS & Linux distributions.
- Good understanding of static and dynamic binary analysis.
- Good understanding of host forensics, memory forensics and network forensics.
- Proficient with automation using languages such as Python.
- Experience working with SIEM systems
- In-depth knowledge of the security threat landscape
- Ability to multi-task, prioritize, and manage time effectively.
- Strong attention to detail
- Excellent interpersonal skills and professional demeanour
- Excellent verbal and written communication skills
- Excellent customer service skills
- Experience in mentoring and training SOC Analysts.
- Industry standard certifications such as: CREST CRT, CREST CCT, OSCP, CHECK, GIAC GCFA, GNFA, GREM.
- 3+ years' experience as an Incident Responder or equivalent
- Bachelor's degree in a related field or equivalent experience and knowledge
- Experience of working in an MSSP/MDR SOC environment.
- Ongoing training and development
- Career opportunities both in the short and long term
- Company pension scheme
- Private healthcare
- 33 days holidays per annum inclusive of Bank Holidays
- Fun working team atmosphere
- Shopping discounts
- Regular team social engagements
We are not accepting CV's from external resources and agencies.