Tech Lead - SOC Responder

Colt Technology Services

City of Westminster

On-site

GBP 260,000

Full time

2 days ago
Job summary

A global technology service provider in the UK is looking for a Senior Information Security Manager to oversee SIEM and incident response tools. Responsibilities include managing security safeguards, analyzing incidents, and enhancing operational processes. The ideal candidate has over 6 years of Information Security Incident Response experience and a degree in IT or engineering. The role offers a competitive base salary of £175k and a total compensation package of £260-300k, reflecting the high value placed on security expertise.

Qualifications

  • 6+ years of Information Security Incident Response experience with a focus on detection.
  • Strong understanding of information security and the threat landscape.
  • Demonstrated experience in all phases of the SDLC.

Responsibilities

  • Manage SIEM and IR tools including design and administration.
  • Analyze potential infrastructure security incidents.
  • Govern security incident response processes.

Skills

Information Security Incident Response
Networking
Scripting (Python, PowerShell, Unix)
Cyber Security Operations
Communication Skills
Attention to Detail

Education

Degree in Information Technology, Engineering or similar

Tools

SIEM tools

Job description

Responsibilities

  • SIEM and IR tools platform management, including all design, implementation and administration activities, use case preparation and implementation, connector deployment, maintenance and health checks
  • Responsible for operational activities, technology escalation support, security solution assessment, build activities, maturing existing services and assisting with build activities
  • Analyse potential infrastructure security incidents to determine whether an incident qualifies as a legitimate security breach
  • Establish and govern the security incident response processes, investigations and security operational processes
  • Maintain and enhance the formal service catalogue, service descriptions, targets and performance against these
  • Ensure security services, tools and platforms are adequately maintained
  • Monitor and report on the effectiveness of our security enforcing technologies
  • Identify and continuously monitor specific security risks and KPIs, and produce management information to ensure Colt receives value from key security investments and services
  • Contribute to the design, development and maintenance of security standards and controls
  • Align the team’s goals and plan with Colt’s long-term priorities and strategy
  • Develop and grow the talent and people capability within the security teams

Salary

£175k base, circa £260-300k TC

Qualifications

  • 6+ years of Information Security Incident Response experience, with a focus on detection and response to malicious activity using log data from various sources, preferred
  • Strong networking and systems experience, preferably in an enterprise environment
  • Strong understanding of information security and the threat landscape surrounding enterprise systems
  • Strong scripting experience (Python, PowerShell, Unix shell)
  • Demonstrated experience working in all phases of the SDLC
  • Deep understanding of and experience using cyber security operations, security monitoring, endpoint (EDR), network and SIEM tools
  • Prior SOC experience a plus
  • Extensive knowledge of network and server security protocols, technologies and products
  • Industry-recognized certifications (CISSP, GCIH, GCFA, OSCP, etc.) preferred
  • Strong oral and written communication skills
  • Relentless curiosity and attention to detail
  • Ability to learn quickly and leverage prior experience to effectively solve current security challenges
  • Refusing to accept the status quo
  • Degree in Information Technology, Engineering or similar
  • SIEM management – desirable to have an advanced certification from a SIEM vendor on products such as ArcSight, MS Sentinel or LogRhythm