Digital Forensics and Incident Response Supervisor
Salary: £53,412 - £58,418 per annum, with further salary progression available subject to performance in role.
Bonus: Up to 10% base salary per annum, based on achievement of Company targets and personal performance.
Location: Sellafield, West Cumbria. Shifts follow a 4 on 6 off pattern. Please note this role attracts a shift allowance of up to £13,629.
About the role:
This role will play a key part in protecting the critical national infrastructure, through assisting the Cyber Security Operations Manager with the day-to-day operations of the Cyber Security Operations Cell. This role will oversee and provide leadership to a shift team of CSOC Analysts. The successful DFIR candidate will offer SME advice on digital forensics and incident response for the identification, collection, analysis and remediation of network threats and vulnerabilities as part of legal and business conduct.
Key responsibilities:
1. Manage and develop a shift team of CSOC Analysts in relation to protective monitoring, incident response, and threat hunting to ensure the delivery of a mature and highly skilled CSOC.
2. Lead, co-ordinate and provide technical assurance & escalation for daily investigations performed within the CSOC.
3. Develop and enact Digital Forensics capabilities within CSOC relating to escalated investigations, threat hunting and incident response to deliver cyber threat detection and forensically sound evidence, in accordance with government and ONR guidelines.
4. Lead in the development and tuning of Cyber Operations tooling and its application to the business, aligning with the cyber exploitation / Cyber Kill Chain / MITRE ATT&CK matrix, to increase the capabilities and efficiency of incident response.
5. Develop and perform the activities defined in the Cyber Security Incident Response Plan / Forensics Readiness plan, ensuring Operational elements are achieved in accordance with site emergency arrangements.
6. Oversee technical implementation and commissioning of Cyber Security tooling solutions to agreed requirements.
7. Provide advice and guidance to internal and external stakeholders in relation to Digital forensics, Incident Response and Cyber Security in general to ensure threats are identified, with measures understood to reduce impact and consequence.
8. Assess, suggest or take remedial action to Cyber Security Incidents within defined policies and standards.
9. Review, document and apply good practice against all Cyber Security incidents for damage arising from compromise of company sensitive and Government protectively marked information across Sellafield.
10. Review Cyber security tools, processes and procedures and assist in testing the robustness of current and developing systems.
11. Deputise for the CSOC Manager as required.
Your skills and qualifications
Essential:
1. University degree or relevant experience in Security Operations.
2. CompTIA Security+ or equivalent.
3. In-depth knowledge of Microsoft Azure security platforms, DfI, DfE, Sentinel etc.
4. In-depth knowledge of Digital Forensics.
5. Strong understanding of network protocols and a variety of operating systems.
6. Strong analytical skills, with particular emphasis on being able to identify modern offensive techniques.
7. Knowledge & experience of SOC Tooling, for example SIEM (Sentinel, Splunk, LogRhythm), IDS, IPS, EDR.
8. Line management / leadership experience.
9. A full driving licence is required by the role holder due to the requirement to work on-site.
10. Ability to achieve DV clearance + NPPV.
Desirable:
1. GIAC certifications: GSOC, GMON, GCED, GCDA, GCFE, GCFA.
2. SC-200 Microsoft Security Operations Analyst.
3. Familiarity with scripting languages (e.g., Python, PowerShell) for automation and analysis.
4. Familiarity with the use of incident ticketing systems such as ServiceNow.
5. Control Systems experience.
6. Malware analysis / Reverse engineering experience.
7. Vulnerability analysis experience.
Please Remember:
1. As part of the application process you will be asked to provide evidence of your qualifications. Attaching them at application stage will ensure a smooth process and prevent delays.
2. In the event of a high number of responses to any advert, Sellafield Ltd reserves the right to close the advert early.
3. Please regularly check your Spam/Junk folders for news about this vacancy, as correspondence could contain invitations to interview and other important updates.
Sellafield Ltd are recognised as a Disability Confident Employer (Level 3). Disability Confident employers offer an interview to disabled applicants that meet the minimum criteria for a vacancy.