Defensive Security Operations Lead
About the Client: They are a customer-centric insurance provider with a strong commitment to cybersecurity. Reporting directly to the Head of Security Operations, you will play a crucial role in managing their security operations and protecting their digital assets.
Job Overview: The Defensive Security Operations Lead will join our growing team. Reporting to the Cyber Operations Manager, you will ensure the efficiency and effectiveness of our security operations. You will manage the Security Operations team and collaborate with our third-party SOC provider. This role involves daily leadership, addressing operational issues, and serving as the primary point of contact and escalation for the team. Collaboration is key, as you will work closely with internal and external stakeholders, including our CISO department and third-party suppliers.
Process and Procedure Documentation: Maintain the process and procedural documentation that defines our security operations, supporting efficient day-to-day operations and incident response and ensuring transparency and compliance.
Operational Improvements: Collaborate with core operational security suppliers to identify opportunities for improvement, address operational issues, and explore new technologies and services.
Performance Metrics: Develop and maintain key performance indicators (KPIs) to gauge the effectiveness of security operations, aiding in threat identification, defense, response, and team situational awareness.
Reporting: Prepare weekly reports on security operations, highlighting risk areas and collaborating with other team leads to formulate remediation plans.
Incident Response: Oversee the 24/7 operational security incident response process, including on-call duties. Liaise with internal teams to ensure efficient incident resolution.
Detection Improvements: Implement improvements in threat detection mechanisms based on identified operational threats.
People management: Champion staff training in cyber defence procedures and incident response processes, ensuring team readiness for major events.
Third-Party SOC Management: Manage the day-to-day relationship with our third-party 24/7 Security Operations Centre (SOC).
Who we are looking for:
- Proven leadership in operational teams within information technology and security.
- Advanced knowledge and operational experience with SIEM tooling, firewalls and firewall zoning, intrusion detection and prevention systems, anti-virus, content and URL filtering, authentication solutions, switches, routers, and Voice over IP (VoIP).
- Advanced understanding of information security, border protection, incident handling and response, forensics, endpoint protection, and encryption.
- Advanced knowledge in security operations, with an emphasis on event management.
- Proven experience with a 24/7 SOC and in-depth knowledge of operational flows that support it.
- Expertise with log analysis tools, phishing investigation, and network analysis, and the ability to work with logs from a wide range of sources.
- Knowledge and experience in using various security-related exploits and tools.
- Strong understanding of computer science principles and network infrastructure.