Open to Internal DCC Applications Only until Friday 8th December 5pm.
Working Onsite Rotating Shifts – Manchester
The Role
This role will be integral to our approach to Security Response at SmartDCC, assisting with the toolsets, processes and capabilities required to deliver a world-class Security Operations Centre. Responsibilities will include managing security investigations initiated by our managed security service (SOC) or raised by events from our own security tooling, along with being part of our response team on more significant incidents.
The role will focus on using the technology and capabilities we have deployed to fine-tune alerting and carry out security investigations, engaging with other DCC teams and Service Providers to resolve incidents. You will be joining a growing area and will be instrumental in supporting and advancing the operational security capabilities of the Cyber Security Team. There will be opportunity to work on and establish new security projects, as well as to act in an advisory role to other parts of the business on best practice.
The role will require establishing relationships with key stakeholders in Risk, Technology and Operations, as well as establishing yourself as a SME for cyber security within the organisation.
What Will You Do
1. Lead analysis and incident investigation, ensuring threats escalated to the security team are appropriately assessed and investigated.
2. Primary point of contact for our Cyber Security Manager, ensuring alerts raised to the security team are followed through and investigated.
3. Identify opportunities for security improvements and work with relevant infrastructure teams.
4. Assist in the development of operational metrics and dashboard reporting for operational security posture.
5. Support operational security projects and, where necessary, attend Technical Design Forums and represent the Cyber Security team at Change Control.
6. Review products that can advance our security capabilities, such as tools that support analysis, detection capabilities and other emerging technologies.
What You Will Have
1. Ability to provide guidance to SOC analysts, including apprentices and cyber security analysts.
2. Good communication and presentation skills, translating technical content to a wide range of stakeholders and reporting findings to senior leadership.
3. Ability to work independently to deliver against personal and team objectives, liaising with relevant teams.
4. Good knowledge of networking principles: LAN, TCP/IP, the OSI model, DNS, DHCP, Wi-Fi and routing.
5. Understanding of key Windows domain services, such as Active Directory and Exchange.
6. Experience in applying security best practices to end user devices (workstations).
7. Exposure to key security technologies, such as IDS, web content filters, AV, SIEM, vulnerability management and firewalls, and awareness of their purpose in a layered security approach.
8. Good cloud knowledge – Azure and AWS.
9. Experience in the use of Elasticsearch.
10. Experience and understanding of ITIL.
11. In-depth knowledge of the MITRE ATT&CK framework.
12. Three or more years of security incident management experience.
The individual is expected to be able to convey impact and translate technical findings or information to a broad audience, from senior stakeholders to technical individuals that need to understand the detail. It is important therefore that the role holder can tailor communication and information for a specific audience.
The successful candidate must have the ability to be cleared to HMG SC clearance level.
Special Requirements
To keep recruitment open, and recognising the diverse experience and expertise that can suit this role, all points listed here are optional; they are examples of useful experience or skills that will be applicable in the role. Additional training will be provided to bridge any gaps in knowledge.
1. Expertise/working knowledge of one or more key security technologies such as IDS, SIEM, Vulnerability Management.
2. GIAC Qualifications (GCIA, GCIH, GCFA, GREM).
3. Experience with Linux server and desktop environments (CentOS, Ubuntu, Amazon Linux).
4. Knowledge of the MITRE ATT&CK framework and its application in incident investigation.
5. Programming or scripting experience, either in web technologies or in PowerShell, Perl or Python.