Cyber Incident Response Team Manager

We are PXC, the UK's largest provider of wholesale connectivity. Our vision is to be the UK's #1 wholesale platform, a one-stop shop provider of connectivity, voice, cloud and security underpinned by the UK's most robust, secure, resilient and reliable network.

Born from the combination of Virtual1 and Talk Talk's wholesale services and national network business, we operate across our 3 core sites (Salford, London and Skopje, North Macedonia).

Our mission is clear, to be the UK's best company to work for and best to work with. We believe this success is driven by the power of our employees. We empower our people to become true experts in their field who embody our values every day: we care; we challenge; we commit.

Cyber security is a real and growing threat to all businesses. Maintaining an effective security capability is critical for PXC and its customers.

The CIRT Manager will lead the teams responsible for security incident escalations, intrusion analysis, threat intelligence, threat monitoring, forensic investigation, security operations tooling orchestration and automation. In addition, this role will be key for supporting product development of cyber security related products and services as well as accountable for building the tooling and response packages for any product(s) that need to be supported by Security operations teams.

The CIRT Manager will be adaptable to the changing Security landscape and have excellent verbal and written presentation skills in relation to communication of technical findings to senior stakeholders. They will enjoy mentoring more junior colleagues to promote growth and development within the team. The role is based in the PXC main office, in Salford, and is aligned with PXC's dynamic working policy.

The CIRT team identifies and responds to security threats affecting the PXC and partner environments, though interaction with disparate sources, including cyber threat sensors and threat intelligence data. We implement containment, eradication, recovery, forensic and post incident measures commensurate with the threat to business operations, whilst coordinating and escalating to business partners as appropriate. The team is also responsible for ensuring that effective and efficient incident response platforms and controls are available to all colleagues across Technical and Security Operations (TSOC) and CIRT.

This includes identification, development and implementation of appropriate Security technologies, processes and procedures, onboarding of Technologies initiated by other areas requiring Security monitoring, as well as driving the CIRT Strategy for the business. In addition the team is also responsible for several areas of testing / simulation to ensure that our Team and Controls are operating optimally, as well as driving evaluation and implementation of new security products PXC wish to offer to its customers in the future.

• Define the yearly CIRT strategy, aligned to the wider Security team strategy and aimed at identifying key opportunities for continual improvement across Detect and Respond capabilities.
• Responsibility for ensuring our responses (both TSOC and CIRT) are adaptable & optimised to current external threats, based on up-to-date and reliable Cyber Threat intel sources.
• Ensure Incident response and related communication procedures are adhered to throughout incident life cycles, whilst leading on complex incident response and related post-incident activities following incident resolution.
• Lead the Operational Security team onboarding of new services or platforms aligned to the Security Programme, providing complex engineering analysis and support for the establishment of operational security controls.
• Maximise current security technology investments, ensuring their full capabilities are realised whilst embracing the potential to develop additional associated automation capabilities in relation to incident response maturity and are managed in line with established quality and operational requirements throughout their lifecycle, including change management, appropriate Operational processes and via defined SLAs.
• Lead the technical development of specialist operational roles (e.g. security monitoring, forensics, malware analysis, threat intelligence, proactive hunting) to ensure we have highly skilled, situationally aware personnel.
• Work with the TSOC team and Security SMEs to ensure all day-to-day operational Security activities are delivered in an efficient and effective manner, ensuring that in-scope knowledge transfer and training has been provisioned to all operational Security teams, to support the Strategic aim of Cross Skilling the 24x7 team whilst identifying and leading on CSI for the team.
• Ensure that the Security Ops knowledge management system for Security processes, operating procedures, knowledgebase and interface documents for external Security partners, can be used intuitively and efficiently by all Security Ops…