Provide technical leadership across multiple cyber defence component capabilities provided to QinetiQ customers and security initiatives and projects, including implementing and evolving the cyber defence strategy and roadmap.
- Technical leadership of CSOC operations to deliver cyber defence services to clients
- Liaise with clients and key stakeholders to establish key security requirements with proposed solutions in scope to provide an efficient and effective detection and response capability.
- Leading the technical response to the discovery of all high/critical vulnerabilities with accurate assessment of the attack surface introduced and the orchestration of the effective response across multiple teams and departments.
- Develop and maintain detection content in line with evolving threats and industry standard frameworks across multiple tools (EDR, SIEM, Machine Learning)
- Take the lead on major incidents, providing clear direction to the wider teams.
- Act as a coach and mentor to SOC analysts to upskill the wider capability
- Lead SOC engagements with key customers and varying technical and non-technical stakeholders
- Provide technical guidance for the successful implementation of security monitoring based on SIEM and EDR technologies for the monitoring of third party clients
- Contribute to the design and development of 'detect and respond' strategies, tradecraft and playbooks.
Key Capabilities/Knowledge
- Good understanding of fundamental enterprise-level cyber security tools, including Security Information and Event Management (SIEM), Big Data, Endpoint Detection & Response (EDR) and intrusion detection system technologies.
- Fundamental knowledge across multiple cyber subjects and areas of expertise, including but not limited to: Digital Forensics, Network Analysis, Host Intrusion Analysis, Malware Diagnosis, Incident Response, Threat Intelligence Gathering.
- Good understanding of the MITRE ATT&CK framework with the ability to determine live technique exploitation and novel detection methods in line with them.
- Good ability to critically diagnose and interpret a vast range of different security-focused log sources (Windows, Linux, Firewalls, IDS, AV, EDR)
- Able to identify relevant log sources required for effective content development and threat hunting. Able to create detection content across a wide range of tooling that follows industry best practice.
- Able to identify suspicious and malicious events by manually reviewing logs, leveraging threat intelligence, and drilling down into further details. Able to deal with ambiguous log events.
- Able to explain with justification to stakeholders the limitations in cyber security monitoring and/or threat hunting arising from inadequate log sources
- Able to work independently, with guidance in complex situations
- Excellent IT skills, including knowledge of computer networks, operating systems, software, hardware and security
- Outcome focused stakeholder engagement, influence & persuasion skills
- Collaborate effectively across organisation and externally to achieve required outcomes
Experience & Qualifications
Essential
- STEM degree or equivalent
- Minimum of 3 years' relevant experience in an operational cyber-security defensive monitoring environment
- Experience of computer operating systems, such as Linux and Windows (e.g. security fundamentals, patch management, file sharing).
- Experience working with SIEM, IDS, EDR and related security monitoring tools.
Desirable
- Experience of applications based on an ELK / Elastic stack architecture (Elasticsearch, Logstash, and Kibana)
- Experience with the configuration and maintenance of tools including: LogRhythm, Carbon Black, ELK
- Qualifications such as Cisco Certified Network Professional Security (CCNP Security), CREST Practitioner Intrusion Analyst, ITIL Foundation, CompTIA Network+ or similar, SANS GIAC or similar may be beneficial
- Membership of CIISec or equivalent