Senior Manager, Cyber Incident Response
Sony Pictures
London, EN
This was removed by the employer on 2/23/2024 9:53:00 AM PST
This is a Full Time Job
Senior Manager, Cyber Incident Response
Please note that this role is based in the United Kingdom. In order to enable us to meet statutory and regulatory obligations of the United Kingdom immigration system you must have the appropriate immigration permission needed to work and reside in the United Kingdom.
The Incident Response Sr Manager reports to the Incident Response Director in delivering incident response duties and initiatives.
This role performs sophisticated computer and network forensic investigations that pertain to different types of cyber threats, including malware, data theft, denial of service, and data breaches. They collaborate with the SOC to quickly evaluate, resolve, or escalate incidents for appropriate action. Additionally, the incumbent works with IT and other teams to pinpoint the underlying issues and create effective corrective and preventive measures. To enhance the organization's security posture and incident response capabilities, the employee collaborates with peers in threat assessment and provides recommendations to the Incident Response Exec Director.
Responsibilities:
• Develop and implement comprehensive incident response plans, policies, and procedures to effectively address cybersecurity incidents.
• Oversee the monitoring and analysis of security alerts and events from various sources, including security tools, logs, and threat intelligence feeds.
• Conduct thorough investigations of security incidents to determine the breaches' scope, impact, and root cause.
• Collaborate with other teams, such as IT, network security, and legal, to gather relevant information during incident investigations.
• Coordinate the response efforts during cybersecurity incidents, ensuring timely and effective actions to contain and mitigate threats.
• Work closely with technical teams to implement security measures and configurations to prevent similar incidents from recurring.
• Assist in recovering and restoring affected systems and data following incident resolution.
• Prepare and present incident reports to executive leadership and relevant stakeholders, including recommendations for improvement and lessons learned.
• Act as a point of contact for communication with internal teams, external partners, law enforcement, and regulatory authorities during incidents.
• Stay up to date with the latest cybersecurity threats, attack techniques, and industry best practices.
• Use threat intelligence to enhance the organization's defence mechanisms and incident response capabilities.
• Collaborate with the vulnerability management team to proactively identify and address potential security weaknesses.
Some travel may be required.
What you'll do:
The job's most important functions and responsibilities, with the approximate percentage of time spent on each:
30% Lead and coordinate the organization's incident response efforts. Oversee the detection, analysis, containment, eradication, and recovery of cybersecurity incidents. Ensure timely and effective incident handling to minimize damage and reduce downtime.
20% Analyse hacker techniques, tools, and motivations to identify potential threats and vulnerabilities. Develop and implement strategies to mitigate and prevent future security incidents. Stay updated on emerging cyber threats and adapt incident response strategies accordingly.
25% Work with technical teams to address security weaknesses and improve overall security posture during incident investigations. Collaborate with the IT and security teams to implement security measures effectively.
10% Conduct in-depth investigations of cybersecurity incidents. Analyse file system images, memory images, and network packet captures to understand incident scope. Extract and analyse relevant indicators to identify potential threats and patterns.
10% Coordinate with the corporate VM team to help prioritize the remediation of vulnerabilities and assess if policy exceptions should be implemented. Provide guidance on any PER from a technical standpoint.
5% Communicate incident details, response plans, and progress to internal and external stakeholders. Collaborate with cross-functional teams, including IT, legal, privacy, content, and executive leadership during incident response efforts.
5% Stay current with the latest security technologies, industry trends, and best practices. Drive innovation within the incident response team to improve incident handling capabilities and champion automation wherever possible.
What you'll have:
The ideal candidate for this role should possess the following knowledge, skills, and abilities:
Knowledge of:
• Familiarity with hacker techniques, tools, and motivations.
• Comprehensive understanding of various operating systems, including Windows, OS X, Linux, and UNIX.
• Proficiency in multilayer security architectures and controls.
• In-depth application architecture knowledge encompassing mainframes, databases, web, middleware, and virtual environments.
• Expertise in network architecture, including firewalls, routers, switches, and load balancers.
• Familiarity with security technologies such as IDS/IPS, advanced endpoint protection, and antivirus solutions.
Skills:
• Ability to analyze file system images, memory images, and network packet captures.
• Proficiency in using both commercial and open-source security tools (e.g., Autopsy, Axiom, EnCase, FTK, X-Ways).
• Strong problem-solving skills, especially in situations with missing information and tight deadlines.
• Experience in dynamic malware analysis and indicator extraction.
• Proficient in indicator pivoting, tracking, and analysis (e.g., Splunk).
• Capable of prioritizing multiple tasks rapidly, formulating effective plans, and communicating with customers and leadership.
• Incident and Forensic Security certification (e.g., SANS).
Desired skills (not required):
• Programming proficiency in two or more languages: C, Java, .NET, SQL, Python.
• Experience with shell scripting in two or more of the following: PowerShell, Bash, WMI.
• Familiarity with reviewing application source code for security vulnerabilities.
• Proficiency in using debuggers and/or de-compilers.
• Experience in reverse engineering complex code using tools such as IDA Pro, OllyDbg, WinDbg, and similar software.
• Ability to speak languages other than English (e.g., Japanese, Chinese, etc.).
• Information Security certification, Ethical Hacking Certifications and/or Vendor certifications.
Ability to:
• Adapt and take on new responsibilities to deliver consistent results.
• Communicate effectively with strong verbal and concise written communication skills.
• Run multiple tasks efficiently with strong organizational and multitasking abilities.
• Demonstrate a willingness to learn new skills through self-learning and on-the-job training.
• Exhibit an innovative mindset and stay up-to-date with evolving security technologies.
How we take care of you:
• Competitive salary, with annual bonus eligibility.
• A choice of comprehensive health plan options that fit your lifestyle including private medical insurance.
• Rest and recharge during a week off during the winter holidays, in addition to the 25 days of paid annual leave.
• Participate in extensive learning & development opportunities at all levels, including curated instructor-led classes and high impact online resources.
• Build your community by joining our Employee Business Resource Groups, and