The Security Incident Manager is the single point of contact for the Security Incident Response team during a live incident. They will co-ordinate the actions of the tier 2 analysts and understand the context, incident gravity and containment options available. They will support the Incident Response Team Manager and Head of Security Operations Centre to make any incident response escalation or crisis invocations. The senior leadership team will expect regular updates on progress, and the candidate will convey accurate and timely information from the team following the incident plan. A combination of calm and experience will have a direct impact on the ability of the Security Incident Response team to close significant incidents. The successful person will have a passion for investigation and look critically at information given to form an accurate contextual picture.
The Security Incident Manager will:
* Maintain day to day communications with the Analyst teams
* Adjust the priority and make calls on triaged incidents to accelerate resolution and assign focus
* Ensure all incidents are recorded and managed through to completion
* Hold post incident reviews to understand potential for improvement in information sources and counter measure deployment
* Define requirements and improvements against current and future playbooks
* Take an interest in the company business and IT strategies to stay current on the mission and priority of the organisation
* Manage a diverse stakeholder list of internal customers, senior leadership team members, partners and IT, Legal, Public Relations contacts to disseminate relevant information and actions
* Operate the incident response plan and feed adjustments back to the Incident Response Team Manager
* Define and refine the constituency that is under effective monitoring
* Drive regular tests and scenarios to keep the team fit and ready for response
* Form a key part of the Blue team during red/blue testing scenarios
* Keep abreast of the changing threat landscape and how this impacts a Cloud first organisation
Proven understanding and experience in dealing with cyber security incidents and associated response measures is required.
Relevant experience in security operations, forensics, incident management, response and security monitoring is required for this role.
The role would suit someone who has spent significant time understanding the changing threat landscape and the response options available to Incident Response teams. They will have proven experience in threat hunting and response across a large enterprise.
The candidate should have a strong working knowledge across a significant portfolio of security solutions and at least one Security Information and Event Management solution for gathering and processing live incident telemetry.
You should have experience in handling live cyber incidents in a functioning security operations centre. The ability to work under pressure is a must as is the ability to remain calm and focussed on the mission. The ability to explain the process to qualify and contain incidents will be tested as part of the recruitment process.
Excellent IT knowledge is required that informs a wide array of containment options for typical kill chain events. This would extend to include Windows, Linux and Mac operating systems, typical web applications and relational database technologies.
You will have a familiarity with various cloud platforms such as Google Cloud Platform, Amazon Web Services and Microsoft Azure. Naturally this includes elements of Software as a Service, Platform as a Service and Infrastructure as a Service. Understanding the mechanisms of breach and countermeasures in this space would be of significant advantage.
The ability to communicate effectively, constructively, confidently and professionally is key to success in the role. This is especially important with the analysts who will form part of the team. They will need to be energised and coached to maintain focus during periods of extended analysis.
The need to question information that others would take on face value and remain inquisitive across the enterprise will improve the likelihood of chasing down incidents to confident closure.
Security/Technical/computing degree preferred. Applicable professional certifications within the cyber incident management and broader security arena are highly desirable - CSIR/CREST/SANS/GIAC etc.
We're Wales’ only FTSE 100 company with forward-thinking approaches and endless opportunities to test, learn and grow. There's a reason we've been named a best place to work: our progressive culture, core values, and commitment to diversity and inclusion have created a working environment where people share ideas, aren’t afraid to speak up and change things, and above all, feel valued.
Based on innovation and organic growth Admiral has grown from being a small start-up into one of the largest car insurance providers in the UK. The company is constantly investigating new products, services and markets and is now in seven countries with a diverse product portfolio.
Admiral’s success goes hand-in-hand with having a strong people focussed culture. We believe that happy people make happy customers and happy customers help increase profits. Our philosophy is a simple yet effective one: people who enjoy what they do, do it better.
We truly care about our customers, they are at the heart of every decision we make. We’re very proud of the innovative products we offer and level of service we provide. Everything we do acknowledges the needs of our customers and by recruiting the right people, we can continue to provide great service and ensure an excellent experience for our customers.
Admiral people work hard to keep us at the top of our industry, and are rewarded for it—with competitive pay, great benefits, a share package based on company performance, work-life balance opportunities, nearby fitness and health centres, and other special perks.
The Recruitment Officers looking after this role are Jessica Sutton (Jessica.SUTTON2@admiralgroup.co.uk) and Luke Tooze (Luke.TOOZE2@admiralgroup.co.uk). If you’d like to know any more about the position, please feel free to drop them an email or give them a call on the Recruitment line.