Government Recruitment • London, UK
About this role
Job summary
The Cyber Defence team delivers cyber threat intelligence, threat detection and incident response capabilities for the Cabinet Office, and is responsible for defending both internal IT infrastructure and citizen-facing services. As an Incident Response Lead, you’ll take a primary role in building and delivering these core capabilities, focusing on managing and responding to incidents.
Cabinet Office Digital is committed to building a diverse and inclusive team. We particularly welcome female applicants, as we want to increase their representation in this type of role.
Job description
As an Incident Response Lead, you will:
Lead the investigation of security alerts to understand the nature and extent of possible cyber incidents
Lead the forensic analysis of systems, files, network traffic and cloud environments
Lead the technical response to cyber incidents by identifying and implementing (or coordinating the implementation of) containment, eradication and recovery actions
Support the wider coordination of cyber incidents
Review previous incidents to identify lessons and actions
Identify and deliver opportunities for continual improvement of the incident response capability
Work closely alongside other Cyber Defence functions, supporting the continual improvement of wider capabilities
Develop and update internal plans, playbooks and knowledge base articles
Act as an escalation point for, and provide coaching and mentoring to, security analysts
Be responsible for leadership and line management of security analysts
Cyber incidents can and do arise on a 24/7 basis. The team operates an out-of-hours on call rota, which you will be expected to join.
Person specification
Essential criteria
We’re interested in people who have:
Significant experience investigating and responding to cyber incidents
Significant experience using security tools (e.g., EDR, SIEM) to support the investigation of, and response to, cyber incidents
Experience managing and coordinating the response to cyber incidents
Experience coaching and mentoring junior staff
An in-depth understanding of the tools, techniques and procedures used by threat actors
Excellent analytical and problem solving skills
Excellent verbal and written communication skills
Additional information
Cabinet Office policy is that a minimum 60% of your working time should be spent at your principal workplace. For some roles, due to their nature and the business need, this may be up to 100%. Requirements to attend other locations for official business will also count towards this level of attendance.