CSIRT Incident Lead
CSIRT Incident Lead - Uxbridge London
Please note that there is no visa sponsorship on offer. All candidates should therefore ensure they are eligible to work in the UK without the need for visa sponsorship before applying.
My client, a highly recognisable brand and market leader in their industry, are looking to hire a CSIRT Incident Lead to lead a Cyber Operations team which covers event management; identity & access management; incident management and response; IT process interface; investigations and forensics; endpoint security operations; threat hunting; cyber security incident response (CIRT); and security monitoring.
Familiarity with appropriate legal frameworks - GDPR being the key focus
Deep understanding of Risk Management Framework
Experience of working in an Agile environment as part of a multi-disciplined team
Strong knowledge and demonstrable experience of cyber security technologies and methods
Security event log collection and analysis
Strong experience in enterprise operating systems (Wintel; Linux; Unix)
Solid experience in multi-vendor networks and firewalls (Cisco, Palo Alto, Juniper)
Good experience in Database technologies (SQL, Oracle, DB2, Mongo)
Experience of vulnerability and threat assessment
Experience of Intrusion detection and prevention systems
Experience of Web-based application security including Akamai Kona, Apigee etc.
Ability to develop custom code (perl / shell scripting etc.)
Experience of Cloud systems and their architecture (Azure, AWS, Office 365)
Experience of working in a 24/7 Security Operations Centre environment or similar
Experience of Incident Handling processes and procedures
Knowledge of legal requirements for privacy of personal information from employees and customers
Demonstrable experience of working effectively with managed suppliers and vendors
Strong working knowledge of Splunk and log analysis in an enterprise environment
Exposure to numerous malware variations and IOCs.
Understanding of Java web applications and their security configurations.
Splunk (Core, ES and UBA)
Knowledge of protocols including E-mail / SMTP, DNS, SSL / TLS
Windows Active Directory and Policies
System Configuration including Microsoft Intune & SCCM
ITSM Tools including Remedy & Remedy CMDB
Nice to haves:
Industry Standard qualifications and training (SANS; GIAC; CISP), and/or recognised security certifications