Cyber Incident Response Lead

  • Location:

    Malvern, Worcestershire

  • Sector:

    IT

  • Job type:

    Permanent

  • Salary:

    Negotiable

  • Contact:

    Jack Williams

  • Contact email:

    Jack.Williams@experis.co.uk

  • Job ref:

    BBBH120497_1584110089

  • Published:

    8 months ago

  • Expiry date:

    2020-04-12

Our client are experts in defence, aerospace, security and related markets. We draw on our extensive technical knowledge and intellectual property to provide the know-how and support to solve some of the world's most challenging problems. Our people make the critical difference to customers by providing unique approaches to problem solving. Why don't you join some of the world's finest scientific and technical minds and help us make tomorrow work today?

The Role

This is an exciting opportunity for an experienced Incident Response Leader to shape and lead a cyber incident response capability within an established cyber function. The capability will integrate with our cyber defence managed services and make a significant contribution to the digital resilience of our clients. This is a senior-level position with the opportunity to take significant responsibility, with a high degree of autonomy and influence in the context of the organisation's overall cyber security proposition.

We're looking for a leader with a mix of business / operational management capabilities and a strong understanding of incident response concepts, as you'll be required to develop the new incident response service at pace and scale, with significant customer-facing responsibilities. You'll have the opportunity to recruit and develop the necessary team with the required specialist skills to create a leading and sustainable capability.

This individual will be central in the selection of the tools & technologies, and will collaborate with the wider Cyber business (i.e. Threat Intelligence and SOC) to create a transactional, high-volume service which provides short, rapid transactions for our customers. You'll also be responsible for leading and performing Incident Response Readiness Assessments for our customers within the Defence and Government sectors.

The role will involve working on the design and development of incident response strategies, plans and managed service offerings; previous experience of organising and leading response to cyber incidents will therefore be essential. You'll have a previous track record of inspiring, motivating and managing teams using clear written, verbal and presentation skills.

Key Skills

  • Designing and participating in Tabletop Exercises with customers
  • Willing to work flexible hours to meet the needs of a given incident response scenario
  • Prepare reports, and prepare and deliver presentations, for both expert and senior audiences
  • Guide, influence and provide thought leadership within incident response services
  • Competent in handling evidence and able to meet formal standards for handling evidence
  • Well-presented, professional, client-facing demeanour

Desirable Skills

  • Able to proactively hunt for adversaries using a variety of tools and techniques
  • Understand what advanced, real-world attack footprints look like and how to identify tools, techniques and procedures within log data
  • Experience and knowledge of threat intelligence techniques, honeypots and 3rd party threat feeds
  • Knowledge of current threat groups, their tradecraft, and analysis techniques
  • Practitioner with incident response toolsets and investigation techniques
  • Host-centric analysis utilising a variety of tools
  • Network-centric analysis utilising a variety of tools
  • Experience working in a commercial managed service environment
  • Experience leading complex incident response investigations
  • Able to explain technical threat and impact to board level management

Working location may be flexible once the role is established, but the candidate will be expected to initially embed themselves within the business and become familiar with the cyber capability, processes, ways of working etc., with significant time based at our Malvern site required, at least initially.