Cyber Security Operations Lead

Posted 1 week ago by Lorien

Negotiable | Outside IR35 | Undetermined | Edinburgh, UK

Summary: The Cyber Security Operations Lead will oversee the SecOps team, acting as the technical escalation point while collaborating with cyber security leadership to enhance security processes and tools. The role involves responding to security incidents, mentoring team members, and ensuring effective communication with various stakeholders. The lead will also focus on continuous improvement in security monitoring and vulnerability management. The position is an initial 12-month contract and is classified as outside IR35.

Key Responsibilities:

  • Use understanding of digital systems and attack frameworks to apply theory to practice.
  • Be aware of the current cyber threat landscape and industry best practices and standards.
  • Lead on improvement to coverage and depth of security monitoring and vulnerability scanning.
  • Design vulnerability data gathering and prioritisation procedures.
  • Act as the technical escalation point for analysts on significant incidents and investigations, including hands-on involvement.
  • Establish procedures for intelligence ingestion and threat hunting.
  • Work with architects and interpret designs to ensure a strong handover to SecOps when new services go live.
  • Recommend and implement improvements to SecOps processes and tools (e.g. automation of workloads).
  • Design security KPIs and SecOps management reporting, and the gathering of data in support of them.
  • Own completion and accuracy of all SecOps-related product delivery evidence.

Key Skills:

  • Security monitoring service delivery and improvement.
  • Vulnerability detection service improvement, finding prioritisation and reporting.
  • Ability to communicate on technical issues with users and senior managers.
  • Recent experience in incident response.
  • Ability to work well in a small team with internal colleagues and suppliers.
  • Ability to self-start, accept ownership and oversee organisation-wide protective responsibilities.
  • Ability to share knowledge and experience with colleagues, including mentoring of analysts.

Salary (Rate): undetermined

City: Edinburgh

Country: UK

Working Arrangements: undetermined

IR35 Status: outside IR35

Seniority Level: undetermined

Industry: IT

Detailed Description From Employer:

Cyber Security Operations Lead - Outside IR35 - 12 Months

Lorien's leading public sector client is looking to bring on a Cyber Security Operations Lead on an initial 12-month contract.

We are looking for a security professional to lead the SecOps team. They must act as the technical escalation point for a small team of analysts during business-as-usual security operations work. The lead will also work with the head of cyber security and risk and the security architects to set priorities for improvements in the SecOps processes and toolset.

The team also works reactively to respond to alerts and incidents, making rapid decisions and recommendations given the risk and business context. The team gathers threat intelligence and vulnerability data, configures proactive monitoring rules, and takes part in the handover to live for all new digital systems. The SecOps lead will balance the daily running and maintenance of existing processes and tools with continual improvement. They will support and mentor the analysts to ensure personal development for all team members. They will develop close contacts with business change teams, the service desk, and network and infrastructure engineers. They will report to the head of cyber security and risk.

Technical scope

  • Security products (M365 Defender stack, Sentinel/SIEM, email filtering (including authentication protocols), AV, firewalls, WAFs, Defender for Cloud)
  • Security Testing (SAST, DAST, vulnerability scanning, configuration compliance scanning)
  • Virtualisation platforms and operating systems, including Hyper-V and Windows Server.
  • Enterprise Systems (Azure, M365, Intune, email, PKI, AD, GP, SCCM)
  • Application platforms (MS Dynamics, Power Platform)
  • Cloud platforms (Azure)
  • Detection engineering (Log Ingestion, Rule Development, Tuning and Maintenance, detection testing)

Desirable Skills

  • Experience with Qualys, M365 Defender, Sentinel, Fortinet, Power Platform

Desirable Qualifications

  • Microsoft on-premises and cloud engineering-level certifications
  • SANS or similar security operations certifications

Carbon60, Lorien & SRG - The Impellam Group STEM Portfolio are acting as an Employment Business in relation to this vacancy.