Cyber Security provides vital protection for digital assets that provide essential services to the public. This role is essential for the investigation and review of our systems and data to identify security weaknesses, provide recommendations to improve our security posture and to drive delivery of those improvements.
This outcome of the role is to methodically identify and reduce threats to the HMRC estate using the technical countermeasures we have available. Ensuring our cyber security controls are effective and fit for purpose with accurate configuration and security posture. As well as continuously identifying new technical controls to answer risks.
Job description
You'll work in our Incident Management Team, an exciting and fast paced group responsible for monitoring and responding to Cyber threats. You will lead a team of 6 specialists, providing support and guidance on technical issues whilst remaining cool under pressure.
You will have a strong technical background in cybersecurity, a proven track record of managing incident response teams, excellent vendor stakeholder management skills and possess exceptional leadership, communication, and problem-solving skills.
We would like to hear from applicants with the following cyber security operations skills:
* Triaging and investigating security alerts from multiple systems.
* Managing the response to cybersecurity incidents and related investigations, following the incident response lifecycle, to a timely and effective resolution.
* Developing alerts and use cases against very large data sets over some of the latest technology.
* Malware Analysis: ability to perform static and dynamic malware analysis to understand the nature of malware.
* Establish and maintain incident response processes, procedures, and documentation, ensuring they align with industry best practices.
* Serve as a subject matter expert on cyber security frameworks, including NIST, MITRE ATT&CK, and the Cyber Kill Chain.
* Computer Forensic Analysis: a background using a variety of forensic analysis tools in incident response investigations to determine the extent and scope of compromise.
Person specification
You will be curious and inquisitive by nature, a person who enjoys getting to the root cause of issues, especially around threats to our network.
You are a team player who enjoys working collaboratively with colleagues across teams and business areas, including suppliers.
You will have proven analytical skills, using data and information in various formats. You will have good report writing and presentation skills.
Labour Market Supplement (LMS) will be paid for suitable qualifications and experience.
Essential Criteria:
Knowledge of threat landscape, their TTPs and IoCs
A good understanding of operating systems including Windows and Unix and Network principles.
A good understanding of Cloud Architecture and components
Qualifications/Knowledge
At least one of the following:
* SANS certification.
* Experience of working in a SOC as part of an incident response function
* Experience using common security technologies such SIEM, EDR, IDPS, Network Security Analysis.]
Desirable Criteria
EDR and other Microsoft monitoring systems (MCAS etc)
Mitre/NIST Frameworks
Good Understanding of Threat Hunting TTP's