Threat Defence Lead - Slough

£100,000 - IT/Information/Cyber Security
Ref: 67 Date Posted: Wednesday 25 Mar 2020
Company: Energy
Location: Buckinghamshire
Reports to: Group CISO
Salary: £80,000 – 100,000
The Role
The vision for this Threat Defence role is to build on the existing capabilities to develop a best-practice threat defence capability. The role offers an opportunity for end-to-end ownership of a threat defence strategy and service. It is an unusual role because it will be an individual contributor role (at least initially) with ownership of the end-to-end threat defence strategy and service, delivered through partnership with outsourced providers and IT. We’re looking for a motivated and experienced individual who wants to join a high-performing team and be a part of, and influence, a transformational journey.
Successful candidates will be required to achieve and maintain DV clearance.
Main Responsibilities
Develop a threat defence strategy to enhance the current capabilities. Build and deliver the services in the strategy through a combination of in house and outsourced service providers.
Ensure incident identification, assessment, quantification, reporting, communication, mitigation and monitoring.
Lead and manage the security operations centre service (outsourced).
Revise and develop processes to strengthen the current Security Operations Framework, review policies and highlight the challenges in managing SLAs.
Perform threat management and threat modelling, identify threat vectors and develop use cases for security monitoring.
Deliver improvements to the internal incident reporting process.
Responsible for team & vendor management, overall use of resources and initiation of corrective action where required for Security Operations Centre.
Responsible for integration of standard and non-standard logs in SIEM.
Creation of reports, dashboards, metrics for SOC operations and presentation to senior management.
Co-ordination with stakeholders, build and maintain positive working relationships with them.
Implement an IT Security Services board in partnership with the head of IT operations to develop transparent security service performance reporting from the outsource provider and drive improvements.
Develop crisis simulation exercises to meet regulatory requirements and to enhance the response capability.
Build relationships with other organisations across the civil nuclear sector.
Job requirements
Vocational Qualifications:
Relevant experience of working in a threat defence capacity
A relevant qualification
Experience in security device management and SIEM
Proven experience of Incident Management and Response
In depth knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management, incident management etc.
Knowledge of various operating system flavours including but not limited to Windows, Linux, Unix
Knowledge of applications, databases, middleware to address security threats against the same.
Proficient in preparation of reports, dashboards and documentation
Excellent communication and leadership skills
Experience in performing vendor management
Ability to handle high pressure situations with key stakeholders
Good analytical, problem-solving and interpersonal skills
Working knowledge and experience with MS Office, with proficiency in Excel
Behavioural competencies:
Motivated, self-starter who can create a pragmatic plan to deliver from a blank page
Data driven with an innate curiosity and drive for transparency through rigorous measurement
Sense of urgency to resolve security incidents and risks
A team focused mentality with excellent relationship management skills
Fast learner who can assimilate information quickly
Ability to react quickly, decisively, and deliberately in high-stress, high-impact situations
Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
An understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business
An understanding of organizational mission, values, and goals and consistent application of this knowledge
Experience required:
Significant experience in information security, especially on a Computer Incident Response Team (CIRT), Computer Emergency Response Team (CERT), Computer Security Incident Response Centre (CSIRC) or a Security Operations Centre (SOC)
Demonstrable experience of managing outsourced security services and driving continuous improvement
Demonstrable experience of developing and delivering a cyber defence strategy
Specific knowhow and technical skills:
Technical expertise in anti-virus solutions, virus outbreak management, and the ability to differentiate virus activity from directed attack patterns
Technical expertise in Intrusion Prevention System (IPS)/Intrusion Detection System (IDS), SIEMs and other Computer Network Defence (CND) security tools.
Six Sigma and ITIL