Our Government client is currently recruiting for an Incident Handling Lead, on a 3 month initial contract paying £700 P/D inside IR35, remote working.
Role: Incident Handling Lead
Contract Length: 3 months initially with possibility of extension
Pay Rate to Candidate: £700 per day Umbrella
• Incident Handling Team Management – Providing oversight and management of a team of incident handlers carrying out the protective monitoring and incident handling functions for the CDOC, as well as directly getting involved to perform activities, as required.
• Protective Monitoring – working with the CDOC’s toolset to provide triage and analysis of notable cyber security events which are generated from customer environments, gathering technical information, and helping to give context to alerts as they occur. Documenting findings and escalating to the Incident process where required.
• Incident Handling – Carrying out the creation and handling of incidents for customers according to established service agreements. Ensuring incidents are prioritised according to agreed frameworks, escalating where appropriate and managing these through to a satisfactory resolution.
• Major Incident Management – Participating in major incidents, either as lead or an involved party to ensure efficient resolution of major incidents and delivering appropriate communications and ticket management as per major incident processes. Participating in any resulting incident review or lessons learned sessions.
• Threat Hunting – Using available tools, logs, direct system access, etc., carry out proactive work for the CDOC’s customers to find cyber security issues based on an initial hypothesis, helping to identify security problems and improve the security posture of CDOC’s customers.
• Contributing to CDOC Knowledge Base – Actively contribute to the ongoing development of the shared CDOC knowledge base, documenting and improving SOC processes.
• Content Development – playing an active role in the CDOC’s Use Case Factory process, using a threat-led approach to improve and develop the content which drives the team’s Protective Monitoring function. This could be through identifying and designing new content, conversion of threat hunts, tuning existing content or other improvements.
• IH Management – Reviewing tickets/alerts completed by analysts, running daily calls, analyst check-ins, side project management.
• IH Admin/Resourcing – Analyst shifts, on-call rota and system programming, holiday/leave tracking, interviewing new analysts, etc.
• Metrics and Reporting – Producing and presenting metrics for senior management (weekly) and customer service reviews (monthly).
• Onboarding – Supporting the customer onboarding process, including negotiating incident escalation channels and running comms tests.
• Cloud technology experience (AWS and Azure – Security focus especially)
• Splunk Enterprise Security experience and associated certifications
• Familiarity with common cyber security frameworks (MITRE ATT&CK, Cyber Kill Chain), threat hunting
• Experience of incident response engagements, whether on-prem or in cloud environments.
• Familiarity with the Atlassian productivity suite (Jira, Confluence)