Liberty Global is a world leader in converged broadband, video and mobile communication services. Our businesses deliver next-generation products through advanced fibre and 5G networks that connect 85 million subscribers across Europe and the United Kingdom. Our businesses operate under some of the best-known consumer brands including Virgin Media O2 in the UK, VodafoneZiggo in the Netherlands, Telenet in Belgium, Sunrise in Switzerland and UPC in Eastern Europe. Through our substantial scale and commitment to innovation, we are building Tomorrow's Connections Today, investing in the infrastructure and platforms that empower our customers to make the most of the digital revolution, while deploying the advanced technologies that nations and economies need to thrive. Liberty Global Ventures, our global investment arm, has a portfolio of more than 50 companies across content, technology and infrastructure, including strategic stakes in companies Plume, ITV, Lions Gate, Univision, the Formula E racing series and several regional sports networks.

So if you're the kind of person who embraces change, challenges the status quo and has a "sky's the limit" attitude, then our place is your place. Come and join us.

We are currently looking for a Senior Security Specialist to help continue to mature the way in which the organisation leads and handles the operational security incidents of our ever-evolving business. The person will bring passion and a deep technical understanding of how to investigate and handle cyber incidents. You and the team will support our entire portfolio across our global network to detect, respond, remediate and recover from cyber-attacks but also proactively defend against them through Intelligence-Led Threat Hunting.
The team is part of the wider Group Security division and plays a pivotal role in working alongside our front-line technical teams in the delivery of an end-to-end, intelligence-led proactive monitoring, detection and response cyber security capability to Liberty Global, its Operating Companies and Joint Ventures. As a Security Subject Matter Expert (SME) you will be responsible for monitoring security and handling security incidents across the Liberty Global group by minimising risk exposure, incidents as they occur. You will act as the Security Domain Specialist, and will lead, guide, and inspire the team of SOC analysts with a view to developing the skills among the team, whilst also acting as a technical escalation point.

The role requires experience of intrusion detection and analysis, incident response, threat hunting, log analysis, vulnerability management, and technical troubleshooting of on-premise network and cloud infrastructure. A self-starter is required for this role and the successful applicant will demonstrate taking ownership of and responsibility for resolving issues. This position is instrumental in driving forward the technical abilities of the team by developing threat hunting, adversary emulation, innovative threat mitigation methodologies and development of security use cases.

Utilising your knowledge of complex IT environments coupled with a broad range of knowledge around networking, system administration and database platforms, you will develop defensive methodologies around likely methods of attack. This includes identification of malware types, infection methods, provenance and objective of the malware. This will also require extraction of IoCs and TTPs. As part of a wider team, you will guide them and be confident in making decisions, and assist and work with the Tier 1 and Tier 2 SOC team to develop investigations and respond to incidents.
The role will require the candidate to follow our hybrid working policy which is three days in the Reading office and two days WFH.

Key Accountabilities

- You will proactively develop the technical capabilities in detecting, responding, and mitigating attacks and other Cyber Security related issues and provide technical expertise in establishing the extent of a Cyber-attack, the business impacts, and advising on how best to contain the incident along with advice on systems hardening and mitigation measures to prevent a reoccurrence.
- Collaborating with the Incident Managers and Incident Commanders to provide the technical direction and leadership of major incidents and working with other team members and various business units to identify or mitigate threats and support operational teams on security issues, ensuring risks are identified and treated.
- Engage, educate, and work effectively with business and technology teams around technical Cyber Security topics and carry out Technical & Management reporting to demonstrate efficiency and value of the team's work.

We tend to look for people with:

- Extensive experience of leading, investigating and responding to cyber incidents.
- Deep knowledge and understanding of co-ordinating cross-organisational responses to security incidents.
- Experience in technical security systems, security architecture, security technology, and associated penetration testing and Security Event Management methodologies.
- In-depth knowledge of Cyber Security Methodologies including the Cyber Kill Chain, MITRE ATT&CK Framework, MITRE D3FEND and NIST.
- Ability to identify developing patterns and trends in data and be able to provide incident root cause analysis, identifying and influencing future prevention by maintaining the Incident knowledge base.
- Experience of other security technologies & defences such as Firewalls, Snort, Bro, Intrusion Detection System (IDS) monitoring and custom rule creation (YARA), TCP/IP Networking, Wireshark, tcpdump and Netflow analysis.
- Demonstrable experience in IT systems and technologies (e.g. Linux and Windows operating systems, E-Mail, Proxies, Endpoint Protection).
- Experience in using a wide range of SIEM platforms (e.g. Azure Sentinel, Exabeam, Splunk and Elastic) and analysing log sources, data normalization and querying of data using analytical platforms (e.g. Splunk, Hadoop, Elastic, Kibana, MDE and MCAS).
- Understanding of Sandboxing technologies such as Cuckoo and Malware reverse engineering, e.g. IDA Pro, OllyDbg (both static and dynamic analysis required), and a good understanding of REMnux.
- Understanding of DFIR toolsets (e.g. Volatility, SIFT Workstation), memory and file system analysis, and attack vectors.
- Knowledge of Data Protection (GDPR) and its role within a business.
- Strong verbal and written communication skills and must have the ability to work independently and take initiative.

Desirable Accreditations

Global Information Assurance Certifications (GIAC) e.g. Certified Incident Handler (GCIH), Certified Intrusion Analyst (GCIA), Reverse Engineering Malware (GREM) would be an advantage.

Liberty Global is an equal opportunity employer. We embrace diversity and are committed to creating an inclusive environment for our people. We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process. We're 100% committed to having a workforce that represents every part of our society. So we're keen to hear from candidates of all backgrounds and circumstances.

Pre-Employment Screening: If your application is successful, your personal data may be used for a pre-employment screening check, which will be performed by a 3rd party provider (Sterling), on behalf of Liberty Global.
Depending on the vacancy and applicable law, a pre-employment screening may include employment history, qualifications, contract information, right to work, and other information (such as media information) that may be necessary for determining your qualifications and suitability for the position.

You can read more about how we process your data here: Privacy & Security Policy - Liberty Global. If you wish to exercise your privacy rights, please contact: PeopleservicesLibertyglobal.com