Our client is one of the most recognisable fitness apparel & accessories brands and online retailers in the UK. Although still a young company, they have been one of the fastest growing brands in the fitness apparel market and have millions of customers and followers from more than 100 countries across the globe.
Currently they are looking for a new Incident & Threat Lead for their fast growing Cyber Security team.
— MISSION —
As the Incident & Threat Lead you will be responsible for the discovery, management and assessment of all incidents, threats and vulnerabilities affecting the company’s systems, as well as liaising with stakeholders in order to address any of the identified issues.
— RESPONSIBILITIES —
- Act as the Incident Response leader to provide clear communications to stakeholders.
- Perform root cause analysis to identify gaps and provide technical and procedural recommendations that will reduce the company’s exposure to cyber-risks.
- Develop and lead ‘game day’ exercises to test and validate incident response readiness.
- Assist in designing and implementing a structured roadmap to cover the current and future needs or gaps of a rapidly expanding international business.
- Partner with technical and non-technical stakeholders to develop and agree effective mitigation plans for vulnerabilities.
- Establish and lead task forces of cross functional technical resources to respond to highest risk/most complex vulnerabilities and contribute technical specialist knowledge where applicable.
- Understand and stay current with the critical threats to our on-premise and cloud-based IT solutions by continually analysing cyber threat intelligence sources.
- Provide Incident, Technical Threat and Vulnerability reports as a result of reactive and proactive investigations in business risk terms, highlighting mitigating steps and/or solutions to resolve the risks.
- Assist in delivering global SIEM logging and analysis tools to identify breaches or malicious activity on network or cloud infrastructure, both internal and customer facing.
- Identify technical and procedural enhancements and opportunities to improve the capability of the Incident Response, Threat & Vulnerability function.
- Develop internal methodologies and processes, based on industry standards.
- Promote a proactive approach to addressing the changing threat landscape by recommending architectural improvements to security infrastructure.
- Produce executive level risk-based reporting of threat and vulnerability landscape.
— REQUIREMENTS —
- Have, or be currently working towards, an industry recognised qualification in Cyber/InfraSec.
- At least 3 years of experience within a Cyber Security/Infrastructure Security Team
- Knowledge of OWASP Top 10, CVSS (Common Vulnerability Scoring System), CVE, Penetration Testing and vulnerability scanning techniques
- Experience working in a SOC; preferably managing a team
- General knowledge of current and emerging security technologies; strong information security knowledge including web, network and endpoint protocols
- Sound operational knowledge of SIEM, firewalls, intrusion detection and vulnerability management systems and security tools.
- Generally high level of organisational skills
- Experience in supporting a Mid-Sized HQ and Satellite Office user base in all Cyber/InfraSec related questions and queries
- Experienced in cloud infrastructure and proprietary software
- Experience in large volume data organisations focussed around PII
- Commercially aware, creative problem solver with the ability to think laterally and understand the cost and value drivers within a competitive business environment.
Please submit your application via the following email address: firstname.lastname@example.org quoting the job title in the subject.