Lead Cyber Incident Responder
Hybrid - Solihull
Full Time, Permanent
Up to £, (depending on experience)
Here at Serco, we are seeking an experienced Lead Cyber Incident Responder to be responsible for Serco UK & Europe Incident response activities. This role will be responsible for the process, the integrations and engagements across Serco Worldwide. It will work closely with the Serco regions (Asia Pacific, Middle East and North America). You will be responsible for working closely with our outsourced partners and with the Threat intelligence and SOC teams to ensure effective management and communications.
As part of this you’ll:
1. Understand and develop the Incident Response processes and their implementation, including supporting the SOC and the wider business with their mechanisms and logic
2. Manage the various available resources (internal and external) to deliver mature, high-quality Incident Response services
3. Develop, manage and advance Incident Response playbooks, and perform proactive threat hunts based on the threat intelligence gathered
4. Guide delivery of playbooks, automate routine processes, and create or enhance detection and response capabilities
5. Understand the principles of analysing network traffic and the output of various network-centric technologies, driving good behaviours and skills in others
6. Be able to support technical analysis and assessment of security-related incidents, including malware analysis, packet-level analysis, and system-level forensic analysis.
What you’ll need to do the role:
1. Previous experience handling cybersecurity-related incidents
2. Technical proficiency in at least one of the following domains: Malware Analysis, Digital Forensics, Log Analysis, Red Teaming/Penetration Testing, or related domains
3. Understanding of networking protocols, traffic analysis, and network security tools (, WAF, NDR)
4. Strong Linux fundamentals, with experience operating and investigating incidents in *NIX environments
5. Familiarity with performing log analysis using SIEM tools (, Microsoft Sentinel)
6. Experience with scripting languages (, Python, Go and PowerShell) for automation and analysis
7. Excellent communication (verbal and written), teamwork and collaboration skills
8. Ability to communicate technical concepts to a broad range of technical and non-technical staff
Candidates should have one of the following:
1. Bachelor's degree in Cybersecurity, Computer Science, or a technical field (or equivalent work experience in a related field).
2. Professional certifications in Cybersecurity (OSCP, GCIH, GREM, GNFA or other relevant certifications).
3. Experience working on and investigating incidents in a global organisation.
What we offer:
1.  days annual leave plus bank holidays.
2. Annual leave purchase scheme.
3. Up to 6% contributory pension scheme.
4. Flexible working options.
5. A Serco benefits portal offering a wide range of discounts for major high street brands in Retail, Leisure & Hospitality.
6. A range of benefits to support the health and wellbeing of you and your family, such as an Employee Assistance Programme, Health Cash Plans, free flu jabs and more.
7. A wealth of career development training to suit your future aspirations, ranging from role-specific training, leadership coaching and formal study to much more that supports you in building your career with Serco.
8. A safe and supportive culture.
9. A company passionate about diversity and inclusion.