Working for a leading insurance organisation on an initial 6 month contract. Can be based fully remote anywhere in the UK.
The successful candidate will manage and lead the network intrusion detection and response programme to ensure detection and response capabilities are operating as designed. The role will build, run, own and enhance network detection capabilities across all environments. The role will also provide cyber incident response (CIR) functions and act as a subject matter expert for all second-line cyber incidents, malware analysis and forensic investigations. The role will manage the relationship with the outsourced forensic company and ensure the right levels of SLAs are in place for any analysis that needs line 3 review. The role will also understand the technology stack and ensure detection and response capabilities extend across all technologies in use.
* Managing the forensic outsourcing arrangements with a third party
* Building new detection capabilities across all environments and managing their output
* Enhancing current detection tooling
* Providing monthly statistics on detection capabilities
* Being the escalation point for line 1 analysts in the event of a complex detection alert
* Being the subject matter expert for any alert that requires cyber incident response
* Carrying out line 2 forensic analysis of any high-risk detections that fall outside the SLAs agreed with the outsourced forensic company
* Liaising with the MSSP to ensure detection capabilities are aligned to InfoSec standards
* Providing on-call cover for out-of-hours emergency cyber security incidents
* Programming experience in a language such as Python
* Scripting experience in languages such as PowerShell
* Experience of forensic analysis
* Experience of developing detection tooling from the design level
* Knowledge of EDR tooling
* Experience in cyber incident response
* Relevant SANS courses or equivalent