Technical Lead Cyber Defence
About the Role
You'll be a team lead in our 24x7 Cyber Defence team. We are global team with presence in USA, UK, EU and APAC.
As a seasoned lead analyst you will help the wider analyst team perform alert monitoring, incident response, investigation and research on existing and emerging cyber threats. The position focuses on leveraging your understanding of the tactics, techniques, and procedures employed by advanced threats combined with intelligence from multiple sources to respond to a range of different and complex incidents.
You are the defenders of our network, the guardians or our secrets.
Experience and Accountabilities
Our Cyber Defence team is tasked with identifying and addressing threats to the business utilising a range of tools and technologies. The senior members of our Cyber Defence team are specialists in a number of areas with particular focus on network and endpoint forensic capabilities. We exist to ensure our staff can innovate in a safe environment allowing us to deliver exciting technology to the market before our competitors.
To be a Technical Lead Cyber Defence we would like candidates to demonstrate experience in:
- Delivering an enterprise level service where you have identified attacks, intrusions, unusual or illegal activity and acted in line with an incident management or response plan.
- Acting as a leader within a SOC environment, develop non-senior members of the team and challenge existing approaches with a view to delivering greater efficiency.
- Working in a close-knit team but with an ability to take the initiative to deliver innovative approaches.
- Own and author SOC playbooks, ensured they are followed and that they are regularly reviewed to identify better ways of working.
- Reviewing new technologies, working on proof of concepts and helping to decide the future technology stack of a SOC.
- Utilising a range of intelligence sources to hunt for threats across an infrastructure. Taking the lead in threat hunting and training junior members of the team to help them develop in to seasoned Cyber Defence Analysts.
- Identifying opportunities to automate response to alarms, helping to drive maximum efficiency in a SOC to ensure time and resource availability to identify the true threats.
- Staying up to date with current security trends, attack approaches, campaigns and APT groups with a view to utilizing that knowledge while identifying threats to the business.
We are looking for team members with an exceptional track-record of delivering security to a range of business types and sizes.
You'll bring the following:
- Expert knowledge and hands-on management of a SIEM/SOAR tools including the ability to analyse business practices, derive security use-cases and build alarm rules to cater to them.
- Strong knowledge of cyber threat hunting, advanced attack vectors and using cyber intelligence to proactively discover threat behavior.
- Strong knowledge in network and host-based security as a minimum as well as experience in web application security and Client Server application security.
- Strong knowledge of approaches to exploiting Windows, Mac OS and Linux operating systems.
- Significant experience of utilizing a range of SOC technologies such as Endpoint Detection and Response tools (for example Carbon Black, Crowdstrike, Cybereason), Email Security Gateway (for example Symantec Email Security, Cisco Ironport), Web Security Proxy (for example Zscaler, Websense, Barracuda).
- Expert knowledge of a range of log types and headers with particular focus on email headers, IIS logs, AD logs etc.
- Practical knowledge of industry standard frameworks such as ISO 2700x, NIST, ITIL, etc.
- Experience of securing organisations in line with industry best practices such as CIS, SANs, OWASP, CSA.
- Knowledge of industry regulations such as PCI DSS, GDPR, China CSL, etc.
- Experience of a range of open source tools, technologies and sites for extending analysis capability (for example Wireshark, VirusTotal, Hybrid Analysis, Cuckoo, MISP etc.).
- Ability to translate and distil complex technical information across all levels of the organisation as required for the audience.
We are an equal opportunities employer and welcome applications from all suitably qualified persons regardless of their race, sex, disability, religion/belief, sexual orientation, gender reassignment, marriage and civil partnerships, pregnancy or maternity or age