Cyber Defence Operations (CDO) is Vodafone Group's Cyber Defence Operations Centre of Excellence. CDO's mission is to protect Vodafone customers against global cyber risk. CDO is specifically accountable for delivering:
Responsibilities
* Cyber Defence operational leadership across Vodafone.
* Cyber Defence operational capabilities to Vodafone Group, the Local Market Operating Companies, and Partner Markets to enhance Vodafone's global cyber defence posture and reduce its cyber risk.
* Providing advanced operational defence against signalling-based threats impacting Vodafone's telecommunications networks.
* Monitoring, analysing, detecting, and responding to security events across SS7, Diameter and GTP‑C using Signalling Firewalls and Signalling Intrusion Detection Systems.
* Leading investigations of complex signalling incidents through deep protocol analysis, telemetry interrogation and advanced analytics, and owning continuous improvement of playbooks, dashboards, and operational processes.
* Collaborating with global Vodafone Cyber Security teams, including CERT and Incident Management, to support major incident investigations and cross‑functional initiatives.
* Defining, maintaining and continuously improving Cyber Defence playbooks for SigFW-related events.
* Developing clear and actionable incident reporting to support effective prioritisation, escalation and decision‑making.
* Supporting development and production integration of Signalling Intrusion Detection Systems (SigIDS).
* Designing and maintaining operational dashboards and analytics to improve signalling security situational awareness.
* Performing continuous monitoring and triage of signalling security events in line with defined severity and escalation criteria.
* Leading analysis of unusual signalling patterns, behaviours and anomalies within the network, identifying potential SS7/Diameter abuse and responding to threats before network impact occurs.
* Analysing known and emerging signalling attack techniques (e.g. interception, location tracking, routing manipulation, fraud enablement) and translating these into effective detection logic, analytics and investigative guidance.
* Maintaining expert knowledge of SS7/Diameter abuse patterns and translating this into detection logic, alerts and investigative guidance.
* Feeding lessons learned from incidents and intelligence back into preventative controls, dashboards and playbooks.
* Raising and managing incident and remediation tickets (e.g. Remedy).
* Managing enrichment of signalling telemetry (e.g. via Cribl coordinated through GitHub Enterprise).
* Consuming telecom‑specific threat intelligence and integrating insights into SigFW/SigIDS detections, playbooks and operational workflows.
* Identifying control gaps and proposing enhancements to detection logic, SigFW policies and operational procedures to improve signalling security posture.
* Acting as a technical liaison between Cyber Defence and Network Engineering to influence signalling security policy, control design and operational effectiveness.
* Briefing internal and external stakeholders including NCSC, NSIE and Ofcom where required.
* Evaluating and optimising signalling security tooling to ensure effective defence against evolving threats and emerging attack techniques.
* Continuously working to stabilise processes and procedures.
* Participating in the delivery of signalling security reports and advisories to all key stakeholders.
Qualifications
* Strong willingness to learn and adapt to new tools, technologies and emerging signalling threats in a fast‑moving security environment.
* Open‑minded, collaborative and comfortable working across technical and operational teams.
* Demonstrated resilience, curiosity and a positive attitude when operating in high‑pressure incident environments.
* Experience with telecommunications signalling protocols (SS7, Diameter, GTP‑C) or strong willingness to rapidly develop expertise in this area.
* Strong analytical capability across large signalling telemetry datasets to identify anomalies, abuse patterns and emerging threats.
* Experience working within an operational Cyber Defence or SOC environment, including incident triage and escalation.
* Hands‑on experience in security event analysis and incident response, particularly within network or telecoms contexts.
* Experience using security analytics and monitoring platforms such as Dynatrace, Splunk, Google SecOps and Tableau.
* Understanding of telemetry pipelines, log enrichment, and data quality considerations (e.g. Syslog, Cribl or similar).
* Ability to communicate complex technical findings clearly to both technical and non‑technical stakeholders.
* Excellent verbal and written communication skills with the ability to articulate complex technical concepts clearly and concisely.
* Highly disciplined and motivated, able to work independently, under direction or collaboratively as part of a wider team.
* Strong understanding of security threats and abuse patterns relevant to telecommunications networks and signalling environments.
* Bachelor's degree in cyber security, information technology, telecommunications engineering, or a related field, or equivalent professional experience.
* Working towards, or willingness to obtain, relevant professional certifications in areas such as network security, security analytics, intrusion detection or incident response (e.g. GCIA, GNFA, Splunk certifications, cloud security certifications, or equivalent).
* Equivalent practical experience within telecoms security or signalling‑focused cyber defence will be considered equally valuable.
* Eligibility for and willingness to complete UK government security clearance.
Benefits
* Yearly bonus: 10%.
* Annual leave: 28 days + bank holidays, with the opportunity to buy/sell/carry over 5 days per year.
* Charity days: 5 days per year.
* Maternity leave: 52 weeks (first 13 weeks fully paid, followed by 26 weeks at half pay).
* Private pension: you can contribute up to 5% of your basic pay with a 2:1 matching from Vodafone up to 10%.
* Access to private medical, private dental, free health assessments, share‑save scheme.
* Additional discounts: Vodafone retail, gym, cinema, cycle‑to‑work scheme, season ticket loan.