Job Title: Security Supervisor Incident & Vulnerability DV Cleared
Duration: Until end of March 2025
Location: Corsham
Rate: Up to £650.00 per day via an approved umbrella company
The DPS SOC Security Supervisor (Incident & Vulnerability) is responsible for delivering DCO outcomes across the OpNET platform. The SOC Security Supervisor (Incident & Vulnerability) is critical for the deployed environment, ensuring that operational security processes are enacted at every level. The Security Supervisor (Incident & Vulnerability) reports to the Security Operations Lead and is responsible for the People, Processes and Technology (P2T) that delivers the PROTECT, DETECT and RESPOND controls within the NIST Cyber Security Framework, specifically:
* Responsible for integration of standard and non-standard logs in SIEM.
* Management and coordination of the incident response and forensic processes.
* Ensuring compliance to policy, process, and procedure adherence and process improvisation to achieve operational objectives.
* Revising and developing processes to strengthen the PROTECT, DETECT and RESPOND delivery.
* Responsible for overall use of resources and initiation of corrective action where required.
* Ensuring daily management, administration & maintenance of security devices to achieve operational effectiveness.
* Ensuring threat management, threat modelling, identify threat vectors and develop use cases for security monitoring.
* Driving tools development and integration, including Defence Cyber Capability (DCC) and Cyber Enabling Architecture (CEA).
* Creation of reports, dashboards, metrics for SOC operations and presentation to OpNET CISO and Security Working Group (SWG).
* Deliver co-ordination with stakeholders (both internally within D&IS and externally with the CyISOCs), build and maintain positive working relationships with them, and ensure outputs are aligned.
* Work with the rest of the SOC team to support analysts with performance feedback, training, and career direction.
* Assist with screening and hiring security analysts and security engineers.
* Support routine governance and compliance audits, and accreditation activities.
Essential skills, qualifications, and experience
* Hold current DV clearance.
* Strong supervisory and management skills, and the ability to guide others during incident, vulnerability and crisis management events.
* Able to tune correlation rules, event and outcomes via SIEM and SOAR platforms (specifically Elastic).
* Ability to articulate and escalate proposed changes to tooling configuration.
* Strong background in Analysis of attacker Tactics, Techniques and Procedures (TTPs) and Indicators of Compromise (IoC).
* Familiarity with Linux and Windows capabilities and with network and host based forensic processes.
* Familiarity of the investigation of malware and host compromise incidents.
* Understanding of intrusion detection systems, web application firewalls, and IP reputation systems.
* Technical understanding of current cybersecurity threats and trends.
* Working knowledge of the NIST frameworks, including NIST 800-12, 800-53 & 800-37a and JSPs 440 and 604.
* ISO 27001:2013 security and risk controls.
* MITRE ATT&CK adversarial framework.
* ITILv3/v4 Foundation.
Desirable qualifications:
* CompTIA A+.
* CompTIA Security+.
* CompTIA CySA+.
* CompTIA PenTest+.
* SANS MGT551: Building and Leading Security Operations Centres.
* CISSP / CISM.
* SANS Critical Security Controls / SANS Advanced Security Essentials.
* ITIL v3/v4 Intermediate.
* SANS 504 (Incident Handling).
* SANS 511 (Continuous Monitoring).
If this is the role for you please submit your CV at your earliest convenience.
#J-18808-Ljbffr