Job summary

Th role is to provide specialist knowledge and skills for comprehensive cyber-attack monitoring and incident response development, automated vulnerability management, with associated process and procedures.

Key skills required for this role

Cyber Security Architecture, CAF, NIST Cyber Security Framework, TTPs, threat hunting, NCSC, NIST best practice Intrusion Detection (IDS/IPS) and Network, Endpoint Detection & Response (EDR & NDR), SIEM, DLP, threat intelligence (e.g. MITRE, TTPs)

Important

SC Cleared Cyber Security Architect

Job description

Role Responsibilities:

• Developing and operating the cyber-attack monitoring and response capability, comprising signature and anomaly-based detection, and threat intelligence-based detection and response (e.g. MITRE, TTPs), based on the NIST Cyber Security Framework. Identifying gaps in coverage/monitoring.
• Developing an Endpoint Detection and Response (EDR) capability with User and Entity Behaviour Analytics (UEBA) functionality: malware and ransomware protection, forensic investigation, and insider threat/DLP.
• Creating a Cyber Security Operations and Incident Response playbook, based on NCSC and NIST best practice, and integrating with wider service delivery teams, including delivering training on developed capability.

• Developing an automated vulnerability scanning and management process in collaboration with stakeholder teams.
• Developing hardened operating system and network configuration standards and working with stakeholders for implementation as BAU
• Developing an intelligence/situational awareness capability for current and emerging threats, vulnerabilities, and technology developments, feeding into the monitoring and response capability accordingly (e.g. Indicators of Compromise) and providing Threat Intelligence reporting
• Communicating effectively on cyber-attacks, incidents, and threats to a non-specialist audience
• Additionally, the interim will be required to provide cover of duties for the Cyber Security Analyst, performing cyber security operations and response

Experience and technical knowledge

• Experience: Demonstrable operational and technical experience in Cyber Security, supporting and developing overall strategy, with wide experience implementing best practice methodologies, architecture and tools, e.g. NIST, CAF, etc.
• Experience: Demonstrable operational and technical experience of building an operational cyber-attack monitoring and response capability based on the NIST Cyber Security Framework., Identifying gaps in coverage/monitoring.
• Experience: Demonstrable experience of developing SIEM capability to provide a holistic, "single pane of glass" view of threats and attacks, e.g. TTPs, correlation rules, dashboards etc., to enable timely response and threat hunting
• Experience: Demonstrable ability to communicate complex and technical information/ideas orally and in written form to specialist and non-specialist audiences to a very high standard
• Technical: Deep knowledge of Intrusion Detection (IDS/IPS) and Network &

Endpoint Detection & Response (EDR & NDR), SIEM, DLP

• Technical: Deep knowledge of cyber-attack methodologies & kill chain, incorporating threat intelligence (e.g. MITRE, TTPs)
• Technical: Deep knowledge of cyber security incident response best practices

Qualifications

• Relevant Cyber Security Certifications (NCSP, GSOC/GSOM, GCIA/GX-IA, GX-CS,

GCIH/GC-IH, GSLC, CISSP, etc.) preferred

• Degree in Computer Science, Cyber Security or equivalent working experience preferred