Location: Hybrid, 2 days in Buckinghamshire
Reports to: Head of Threat Defence
Salary: £80,000 - £90,000
The vision for this Threat Defence role is to build on existing capabilities to develop a best-practice threat defence function. The role offers an opportunity to work with the Head of Threat Defence to define, implement and manage the Security Operations and Intelligence functions within the Threat Defence Team. We’re looking for a motivated and experienced individual who wants to join a high-performing team and both be part of and influence a transformational journey.
Successful candidates will be required to achieve and maintain SC clearance.
Key responsibilities:
• Assist in shaping the delivery of Security Operations and Threat Intelligence to enhance current capabilities. Build and deliver the services set out in the strategy through a combination of in-house and outsourced service providers.
• Ensure incident identification, assessment, quantification, reporting, communication, mitigation and monitoring.
• Act as primary contact for the outsourced security operations centre service, and for the aligned internal capabilities and services across the enterprise that support Security Operations.
• Develop, lead and manage Threat Intelligence services.
• Revise and develop processes to strengthen the current Security Operations Framework, including Threat Intelligence services; review policies and highlight the challenges in managing SLAs.
• Perform threat management and threat modelling, identify threat vectors and develop use cases for security monitoring.
• Deliver improvements to the internal incident reporting process.
• Responsible for team and vendor management, overall use of resources, and initiation of corrective action where required for the Security Operations Centre.
• Create reports, dashboards and metrics for SOC and Threat Intelligence operations and present them to senior management.
• Coordinate with stakeholders; build and maintain positive working relationships with them.
• Build relationships with other organisations across the civil nuclear sector for Threat Intelligence.
Skills and experience:
• Relevant experience of working in a threat defence capacity
• A relevant qualification
• Experience in Threat Intelligence
• Experience in security device management and SIEM
• Proven experience of Incident Management and Response
• In-depth knowledge of security concepts such as cyber-attacks and attacker techniques, threat vectors, risk management and incident management
• Experience in threat management
• Knowledge of various operating system flavours including but not limited to Windows, Linux, Unix
• Knowledge of applications, databases and middleware, in order to address security threats against them
• Proficient in preparation of reports, dashboards and documentation
• Excellent communication and leadership skills
• Experience in performing vendor management
• Ability to handle high pressure situations with key stakeholders
• Good Analytical skills, Problem solving and Interpersonal skills
• Working knowledge and experience with MS Office, with proficiency in Excel
• Motivated, self-starter who can create a pragmatic plan to deliver from a blank page
• Data driven with an innate curiosity and drive for transparency through rigorous measurement
• Sense of urgency to resolve security incidents and risks
• A team focused mentality with excellent relationship management skills
• Fast learner who can assimilate information quickly
• Ability to react quickly, decisively, and deliberately in high-stress, high-impact situations
• Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
• An understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business
• An understanding of organizational mission, values, and goals and consistent application of this knowledge
• Significant experience in information security, especially on a Computer Incident Response Team (CIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Centre (CSIRC) or a Security Operations Centre (SOC)
• Demonstrable experience of managing outsourced security services and driving continuous improvement
• Demonstrable experience of developing and delivering a cyber defence strategy
Specific know how and technical skills:
• Technical expertise in anti-virus solutions, virus outbreak management, and the ability to differentiate virus activity from directed attack patterns
• Technical expertise in Intrusion Prevention System (IPS)/Intrusion Detection System (IDS), SIEMs and other Computer Network Defence (CND) security tools.
• Six Sigma and ITIL