Incident Response Manager - Cyber (CCIM, GCIH)
The successful candidate is expected to manage cyber-security incidents as well as perform elements of digital forensics (disk, volatile memory, network packets, log files). When not responding to incidents, you will help our clients build their in-house incident response capabilities, which will include: authoring and adapting runbooks/playbooks, assessing incident response maturity, and assisting in table-top cyber-scenario exercises. A candidate with a very strong area in incident management and a developing area in digital forensics, or vice versa, will be considered, provided they can demonstrate that they are striving to address the weaker area.
As clients expect cyber-incidents to be dealt with urgently and their occurrence cannot be predicted, the candidate is expected to be flexible in terms of working hours. In return, the business offers flexible working hours and work-from-home days to employees who have demonstrated reliability in delivering on their commitments. At the manager level, employees are measured on performance rather than micro-managed.
Above all, we are looking for demonstrable passion for the field of cyber-security.
- Management and co-ordination of cyber security incidents on behalf of clients, working closely with the incident management lead within the team.
- Digital forensics of relevant incident data (disk, volatile memory, network packets, log files).
- Maintaining a current view of the cyber threat, and being able to advise clients on the threat landscape and attacks which may be relevant to them.
- Assessing client incident response capability maturity.
- Helping stand-up or improve clients' own incident response capabilities.
- Project management of engagements to deliver high quality work in a timely manner, to include:
  - Scoping
  - Financial management
  - Engagement and risk management
  - Production and review of deliverables
- Liaising with clients on delivery, implementation and sales issues.
- Identifying and developing constructive client relationships, both inside and outside of the business.
- Coaching and developing team members through sharing of experience and knowledge.
- Supporting leadership of the team in embedding effective working practices.
- Coaching and managing performance of junior team members.
Experience and Background
- A broad understanding of the cyber security threat landscape and experience in developing tailored threat assessments for organisations.
- Strong technical background in computers and networks.
- Experience of dealing with cyber security incidents and associated response measures.
- Experience of being part of an incident response team, either holding a formal role, or being able to evidence their personal contribution to the team.
- Understanding of a wide range of information security and IT methodologies, principles, technologies and techniques.
- A genuine interest and desire to work in the information security field.
- Standing and positive reputation in the information security community is seen as a plus.
Qualifications and Skills
The successful candidate will demonstrate a strong technical background in computing and networks as well as in cyber-security, whether through relevant work experience, a completed degree, or industry-relevant certification. The qualifications below should therefore be read as a combination rather than as individual requirements:
- Excellent communication skills (both written and oral) and project management skills.
- Strong IT and network skills - knowledge of common enterprise technologies - Windows and Windows Active Directory, Linux, Cisco, etc.
- (desirable but not required) Degree level qualified, MSc in Information Security, IT or relevant subject.
- (desirable but not required) General information security certificates such as CISSP, CISM or CISA.
- (desirable but not required) Incident management certifications such as:
  - CREST Certified Incident Manager (CCIM)
  - GIAC Certified Incident Handler (GCIH)
- (desirable but not required) Digital forensics certificates such as:
  - CREST Certified Registered Intrusion Analyst (CRIA)
  - CREST Certified Network Intrusion Analyst (CCNIA)
  - CREST Certified Host Intrusion Analyst (CCHIA)
  - CREST Certified Malware Reverse Engineer (CCMRE)
  - GIAC Certified (Network) Forensic Analyst (GCFA, GNFA)
- (desirable but not required) A current government security clearance (SC/DV) or willingness to acquire such a clearance will be seen as an advantage.