Cyber Incident Operations Manager

Join to apply for the Cyber Incident Operations Manager role at HMRC
.

This range is provided by HMRC. Your actual pay will be based on your skills and experience — talk with your recruiter to learn more.

Cyber Security provides vital protection for digital assets that provide essential services to the public. This role is essential for the investigation and review of our systems and data to identify security weaknesses, provide recommendations to improve our security posture and to drive delivery of those improvements.

The outcome of the role is to methodically identify and reduce threats to the HMRC estate using the technical countermeasures we have available. Ensuring our cyber security controls are effective and fit for purpose with accurate configuration and security posture. As well as continuously identifying new technical controls to answer risks.

You’ll work in our Incident Management Team, an exciting and fast paced group responsible for monitoring and responding to cyber threats. You will lead a team of 6 specialists, providing support and guidance on technical issues whilst remaining cool under pressure.

You will have a strong technical background in cybersecurity, a proven track record of managing incident response teams, excellent vendor stakeholder management skills and possess exceptional leadership, communication, and problem-solving skills.

• Triaging and investigating security alerts from multiple systems.
• Managing the response to cybersecurity incidents and related investigations, following the incident response lifecycle, to a timely and effective resolution.
• Developing alerts and use cases against very large data sets over some of the latest technology.
• Malware analysis: ability to perform static and dynamic malware analysis to understand the nature of malware.
• Establish and maintain incident response processes, procedures, and documentation, ensuring they align with industry best practices.
• Serve as a subject matter expert on cyber security frameworks, including NIST, MITRE ATT&CK, and the Cyber Kill Chain.
• Computer forensic analysis: experience using a variety of forensic analysis tools in incident response investigations to determine the extent and scope of compromise.

You will be curious and inquisitive by nature, a person who enjoys getting to the root cause of issues, especially around threats to our network.

You are a team player who enjoys working collaboratively with colleagues across teams and business areas, including suppliers.

You will have proven analytical skills, using data and information in various formats. You will have good report writing and presentation skills.

At least one of the following:

• SANS certification.
• Experience of working in a SOC as part of an incident response function.
• Experience using common security technologies such as SIEM, EDR, IDPS, and Network Security Analysis.

EDR and other Microsoft monitoring systems (MCAS, etc).

Good understanding of Threat Hunting TTPs.

• Mid-Senior level

• Full-time

• Information Technology and Legal

• Government Administration

Labour Market Supplement (LMS) will be paid for suitable qualifications and experience.