Naukrijobs UK

Director Cyber Defence Operations

Job Location: London
Education: Not Mentioned
Salary: Competitive salary
Industry: Not Mentioned
Functional Area: Not Mentioned
Job Type: Permanent, full-time

Job Description

Director Cyber Defense Operations DFIR

The Director Cyber Defence Operations is responsible for leading a global team providing proactive threat detection and response capabilities across a vast technology environment encompassing both traditional on-premise and cutting-edge cloud native assets.

The role will drive the strategic direction of the function, as well as providing hands-on expertise in predicting, preventing, detecting and responding to security threats of all types and sophistications. The Director Cyber Defence Operations will be a vocal proponent of modern approaches to autonomic security operations, driving a threat intelligence led, data driven and engineering rooted philosophy across the team and wider business.

The ideal candidate will be as comfortable presenting to senior stakeholders as they are deep in the depths of a complex and multi-faceted digital forensics investigation and will thrive on coming up with exciting new solutions to a broad range of standard and cutting-edge problems and seeing them through from design to execution.

The Director Cyber Defence Operations will be a role model to the team and will succeed by continually upskilling others through their experiences, mindset and capabilities. Always challenging the status quo, looking at areas for development and not being afraid to seek out and eradicate problems to ensure the security of the business.

Key Responsibilities:

  • Lead and manage a global team of specialists performing continuous threat detection and response operations including:
      • Signals acquisition
      • Detection engineering
      • Attack analysis
      • Proactive threat hunting
      • Incident response / incident management
      • Digital forensics / malware analysis
  • Own, develop, maintain and exercise cyber incident response plans, processes and playbooks.
  • Work closely with Security Engineering teams to:
      • Recommend system tuning/configuration improvements.
      • Leverage and oversee automation & orchestration initiatives.
      • Identify opportunities for application of data science techniques.
  • Drive strategic capability development roadmap for TDR.
  • Integration and exploitation of cyber threat intelligence in conjunction with internal CTI team and external sources.
  • Ensure operational excellence through measurements, KPIs, reporting and continual process improvement.
  • Evangelise forward-thinking, data and engineering led operational models such as:
      • Detection-as-code
      • Autonomic security operations
      • DevSecOps
      • Continuous validation/testing
      • Cloud-native security operations.
  • Develop and manage a personnel skill and capabilities development framework.
  • Continuous professional development through training, conferences and self-education.
Required Skills:
  • Significant and demonstrable experience working in an advanced detection, threat hunting and/or incident response function as a lead.
  • Experience developing incident response processes and supporting documentation.
  • Understanding and application of proactive hypothesis-based threat hunting methodologies.
  • Application and exploitation of common frameworks such as MITRE ATT&CK, NIST etc.
  • Proficient in performing complex investigations on a variety of platforms and operating systems with a deep understanding of digital forensics processes and tools across Windows, MacOS and Linux.
  • Hands-on experience with modern detection technologies such as EDR/XDR, SIEM (Splunk/Sentinel), SOAR, NIPS/HIPS.
  • Extensive knowledge of networking concepts, including network detection and response tooling and intrusion prevention (Snort, Zeek, Suricata etc.)
  • Proficient with investigating large-scale data compromise events across a hybrid on-premise, public and private cloud environment (AWS, Azure, GCP preferred).
  • Understanding and experience investigating and responding to incidents in cloud native technologies such as containers (Kubernetes, AWS ECS/Fargate) and serverless (AWS Lambda).
  • Knowledge of digital forensics best practices and industry standard methodologies including chain of custody, evidence acquisition and appropriate tooling (X-Ways, EnCase, Volatility, Rekall, Wireshark, SIFT etc.)
  • Able to articulate and visually present complex forensic investigation and analysis results equally effectively to both industry professionals and internal business partners.
  • Proficiency in one or more modern programming or scripting languages (Python, Go, Rust etc.)
  • Evidence of previous security solution design, implementation and engineering successes.
  • Understanding of the DevSecOps approach and implementation of "everything-as-code" models.
  • Experience acting as a technical team lead and mentor to junior team members.
  • Strong verbal and written communication skills.
Qualifications & Experience:
  • Degrees non-essential; equivalent prior work experience in the field a must.
  • Industry standard certifications (GCFA, GNFA, GCFE, CFCE, OSCP, CREST etc) are a plus but not essential.
  • Memberships and participation in relevant professional associations (ISC2, ISACA etc).
  • Previous contributions to the industry (conference talks, code projects, volunteering).
Job: TECHNOLOGY
Organization: Corporate Strategy & Technology
Schedule: FULL_TIME
Req ID: 9085


© 2019 Naukrijobs All Rights Reserved