We're looking for a Cyber Incident Response expert to lead the Leonardo Cyber Incident Response Team (CIRT) within the Leonardo UK Cyber Competency Centre.
Please note this role has an anticipated start date of September/October 2020.
What is the Leonardo Cyber Competency Centre (CCC)?
Our CCC delivers specialist managerial & technical cyber security services to a range of clients across a variety of industries including construction, government, defence & aerospace. The CCC Cyber Incident Response Team sits within the Bristol Security Operations Centre & is responsible for providing thorough technical investigation of incidents escalated by the Security Operations Centre, managing & preparing for cyber security incidents on client estates, & providing specialist consultancy services including investigations, malware analysis, digital forensics & cyber response capability development.
Beyond the CCC, Leonardo & its Cyber Security division are a world leader in safety-through-technology, providing tailored solutions for customers in public administration, public safety & security, critical infrastructure, services, transport, post & logistics.
What will you be doing?
You will be responsible for managing the day-to-day operations of the CIRT & its wider improvement strategies, including business development, people management, bid management, & technical oversight of customer & internal projects.
A typical day includes managing the response to cyber security incidents raised by customers & internal security monitoring teams, & getting hands on when required to provide subject matter expertise for incident investigation & response activities. You'll be customer facing & will be required to inform & train customers on recommended actions & on-going incident activities at varying levels including with local IT teams & at C-suite level.
Working with the other CCC leads in Security Monitoring, Security Device Management, & Content, Capability & Research, you'll be responsible for continually improving the Incident Response capability & identifying new opportunities for growth market expansion.
You'll also have the opportunity to lead & contribute to consulting engagements, which might see you training our clients on-site in best practice for cyber response, conducting investigations, or supporting our cyber consulting team as a technical lead.
Who would suit this role?
You'll ideally be an incident responder with experience of leading enterprise-scale investigations, threat hunting or malware analysis activities. You'll need up-to-date knowledge of the digital forensics, incident response, & cyber security markets to enable you to grow the capability & win work.
Key Responsibility Areas
Your key responsibility areas will include:
Leading the professional delivery of all Cyber Incident Response and Digital Investigation services
Acting as the subject matter specialist in cyber incident response and related disciplines to the wider business
Providing specialist cyber knowledge, insight, and training to clients and to internal teams on an ad-hoc basis and through the delivery of formal training courses
Developing threat intelligence capabilities and strategies in conjunction with other operational teams and customers
Advising clients on how to best respond to any given incident, from boardroom to boots-on-the-ground, with excellent technical leadership to promote confidence based on your skills and experience
Advising clients on how to best implement mitigation measures which might prevent or limit future incidents, working with customer and internal teams to create effective response strategies
Authoring and reviewing customer Cyber Incident Response Plans
Leading threat hunting programmes across available security devices and through operating system native or custom tooling
Managing a small team of technical specialists and supporting their professional development through coaching, training, and performance reviews
How will we support you?
We offer fantastic opportunities for learning, development & professional growth. As a team, we dedicate time to research projects & encourage our specialists to get involved in the InfoSec community in Bristol & beyond.
We want to support you & encourage you to fulfil your potential through:
Community Engagements: We support contributing to information security community events & conferences
Flex-leave schemes: We offer our employees the time & flexibility they need to enjoy a balanced life
Supportive relocation package: If you're not local already, we can make arrangements to help you move to the area.
Award-winning pension scheme: Our multi-award-winning pension scheme includes generous employer contribution
Annual leave: We offer 25 days holiday plus 8 bank holidays
Employee discount schemes: We offer you and your family an attractive range of discounts from retail and cinema to hotel bookings and vehicle benefits
Career break: Where appropriate, we support our employees in pursuing other interests outside the workplace
Salary sacrifice schemes including childcare voucher scheme: We encourage working parents to save money on childcare by offering them several advantageous facilities & vouchers
To find out about all of our Company benefits please visit:
Skills, Qualifications & Knowledge Required
We're looking for somebody that has:
Excellent knowledge of the inner workings of Windows Operating Systems
Excellent knowledge of how malware works and some experience in tearing it apart
Good knowledge of the fundamentals of Unix systems including MacOS and Linux distributions
Excellent knowledge of host-based investigations including digital forensic principles and practices
Good knowledge of Cyber Threat Intelligence capabilities and strategy implementation
Excellent knowledge of common networking and routing protocols (e.g. TCP/IP), services (e.g. TLS, DNS, SMTP) and how they interact to provide network communications
Good experience in packet-level analysis, firewall and hypervisor administration, network appliance log analysis, and management of network intrusion detection and prevention systems
Excellent knowledge of Cyber Security Incident Response processes and procedures with real-world application
Experience in winning commercial bids and leading the delivery of technical consulting services
Some practical programming knowledge or experience in writing scripts in languages such as Python, PowerShell and Bash
Report writing and reviewing skills
Some experience of creating and delivering technical and managerial training courses to internal teams and customers
The role will also involve:
Occasional travel whilst conducting incident response work
Ability to attain SC clearance (last five years residency in UK is required)