Head of Intrusions and Investigations


Premium Job From Experis IT

Recruiter

Experis IT

Listed on

16th October 2017

Location

London

Salary/Rate

Negotiable

Salary Notes

Negotiable

Type

Contract

Start Date

ASAP


Head of Intrusions and Investigations - Manchester/London - 6 Month Contract

My client, a large IT outsourcing organisation, is currently working with a Telecoms client and is looking for a Head of Intrusions and Investigations to join them on an initial 6 month contract. The role can be based in either Manchester or London and offers a competitive daily rate.

The role sits within a global business and technology leader that innovates in research and development to shape the future of society at large, a company that is always innovating and thinking ahead.

Role Description

* The Head of Intrusions and Investigations is a highly technical and crucial role in managing cyber security at the end client. The objective of this role is to develop and drive the strategy for Intrusions Management, Forensics and Investigations, Threat Intelligence, and Insider Threats. In addition, this role will lead the response to high risk security incidents and investigations including performing forensic analyses of potentially compromised systems in an effort to prevent computer security incidents from occurring.

* A successful candidate for this role will have an excellent working knowledge of the Cyber Kill Chain and all aspects of malware analysis, computer forensics (host and network based), networking, operating systems and technical architectures. The candidate must also possess strong written and verbal communication and interpersonal skills in addition to having the patience and a passion for the work.

* The Head of Intrusions and Investigations will report directly to the Chief Security Officer and will be expected to maintain strong relations with internal business partners. The role must also work closely with a number of key individuals and teams within the overall Group Security function. In addition, this role will take part in engagement with external bodies regarding the security of the end client's services and data. These external bodies include Government, Regulators, Law Enforcement, Intelligence Agencies and Critical National Infrastructure.

Key Responsibilities and Deliverables

* Respond to emerging threats such as APTs and other forms of targeted attacks, organized crime, etc.

* Lead critical security incident response meetings and regularly communicate the status of security incidents to the CSO and other key stakeholders.

* Conduct technical attack analyses and forensics and drive high risk security incidents to closure.

* Reconstruct events of a compromise by creating a timeline via correlation of forensic data.

* Perform malware analysis and other attack analysis to extract indicators of compromise.

* Oversee the implementation and management of tools and technologies used as indicators of compromise (IOCs) and other threat intelligence.

* Collaborate closely with the Security Operations Centre (SOC), supporting the development of various operational use cases and content that will feed into incident response, investigations, and intrusions management.

* Assemble and coordinate with technical teams and third-party vendors to resolve incidents as quickly and efficiently as possible.

* Ensure that, where appropriate, all forensic investigations are recorded and tracked to meet audit and legal requirements.

* Conduct root cause analysis to identify gaps and recommendations in order to remediate security risks to the client.

* Set security strategy and priorities as part of the Security Leadership Team.

* Collaborate with external partners, government agencies and other companies on intelligence.

* Update policies, standards and processes to meet commitments made to external security bodies.

* Mentor and train junior analysts as needed.

Experience and Qualifications

* Experience in leading security incident meetings, delegating responsibilities, and influencing people to take action to assist in the resolution of security incidents.

* Experience in leading or participating in investigations involving third parties.

* Expert level host and network based forensics skills, malware analysis and log analysis and correlation skills.

* Strong experience working with attack analysis and forensic tools (e.g. GRR, Carbon Black, Bit9, Encase, open source tools, etc.).

* APT campaign/intrusion set analysis and tracking experience.

* Experience in developing and managing an Insider Threat Program.

* Expert level understanding of TCP/IP fundamentals, network protocols, network flow data, system administration and network architectures, application and big data analysis.

* Strong understanding of Windows & Linux operating systems.

* Experience with SIEMs e.g., QRadar, ArcSight, Splunk, etc.

* Ability to understand complex problems and to present them formally, clearly and simply to executives and senior business stakeholders.

About the client:

A globally integrated enterprise, operating in over 170 countries, whose employees bring innovative solutions to a diverse client base to help solve some of their toughest business challenges. In addition to being the world's largest IT and consulting services company, it is a global business and technology leader, innovating in research and development to shape the future of society at large. Its research, development and technical talent around the world partner with governments, corporations, thinkers and doers on ground-breaking real-world problems to help make the world work better and build a smarter planet.

If you feel you're a good fit or want to know a bit more about the role please contact me at
