Vice President - Digital Forensics and Incident Response Manager

We are looking for a VP to join our Cyber Security Team in London.

Duties & Responsibilities

Incident Response and Security Monitoring:

• Analyse, develop and refine security monitoring controls, practices and use-cases to detect anomalies and incidents across the applications and infrastructure estate.
• Monitor activity upon specified information systems and devices. Identify and report suspicious, improper, malicious or harmful activity. To include regular and ad-hoc reporting.
• Undertake complex IR investigations into specific threats or security incidents both internal and external.
• Identification, escalation and reporting of security incidents and breaches. Co-ordination of responses to these breaches, assess the impact and improving the overall Incident Response process.
• Experience in incident investigation, and analytics of network and host-based artifacts.
• Experience with IR and Forensics tools, packet inspection tools

Security Engagement & Best Practice

• Work alongside the company’s independent penetration testing program.
• Work closely with other technical and business departments to mitigate security/cyber risk:
• Implement SOPs and refine processes.
• Identify potential security threats and risks that may need review.
• Assist in risk assessment/acceptance/remediation processes
• Develop and mature the Incident Response and Threat hunting capabilities.
• Implementation of Incident Response frameworks/methodologies such as Kill Chain, MITRE, Threat Modelling, Diamond Model.
• Development of Threat Intelligence capabilities and integration of such controls with the security monitoring framework.
• Development of Security monitoring use cases and implementing custom IOC within the controls to detect suspicious and unusual traffic.
• Development of Vulnerability Management program within the organisation.
• Provide support to the IR practises such as IR investigations, and forensics procedures/processes.

Other

• Providing subject matter expertise in Cyber Security as needed.
• Contribute to the design and delivery of security monitoring and control effectiveness reporting measures.
• Availability to cover anywhere from 7am to 7pm on all business days noting that ad-hoc cover outside of the normal work day may sometimes be needed.

Qualifications, Skills & Experience

• Incident Response Leadership skills. Relevant experience in managing and oversee/coordinate Incident Response and Security Monitoring;
• Relevant experience in working with threat modelling frameworks.
• Experience in finding, analysing, and extracting attack related payload from packet captures and host forensics images.
• Experience in a banking, investment banking or investment management environment;
• Exp in leading the team of DFIR analysts.
• Experience working with Cyber Security and Incident Response frameworks such as NIST, Kill Chain, Attack life Cycle, & MITRE).
• Relevant experience with MITRE Att&Ck alignment with security monitoring use cases.
• Relevant experience with cloud security assessments aligning it to industry standard benchmarking such as CIS.
• Minimum of 3 years of experience in managing and leading DFIR team.
• Proven track record for managing high impact cyber security incidents.
• In depth knowledge of a broad spectrum of security technologies incorporating network, operating system and application security;
• Working knowledge over a range of operating systems and platforms including: Windows Server, Windows XP, UNIX (Solaris, Linux), Stratus;
• Working knowledge of networks: LAN, WAN, routers (Cisco), switches (Cisco), Firewalls, remote access solutions, VPNs;
• Coordinate with other security functions (SOC, Threat Intelligence and Red/Blue team)
• Experience in managing and running Threat hunting initiatives including developing Threat intelligence governance framework.
• In-depth experience with SIEM tools with a strategic oversight on appropriate use case methodologies. Implementation of robust security monitoring use cases and Threat hunting capabilities.
• Incident Response experience with forensics capabilities. Experience with packet analysis on wireshark or any other network protocol analyser including hands on exp with IR tools.
• Experience with Advance threat detection, IAM solutions and DLP is preferred.
• Working knowledge of security products: network based intrusion prevention systems, vulnerability assessment and compliance monitoring solutions, content management tools.
• Strong knowledge on Vulnerability Management, with proven record of Remediation plans to reduce the threats and risk to Information Assets.
• Understanding of VMware technology stack.
• Full understanding of CIS security standards, assessment of the builds to ensure the alignment with CIS benchmarking and working with business to achieve the target state.
• Knowledge of SSL inspection and encryption methods.

We champion a flexible work environment, as we understand the need for people to meet other commitments or simply strike a good work-life balance.

At Mizuho we are committed to supporting equality and diversity, and seek to create a workplace that is fully inclusive. We welcome applications from all sections of the community that we operate in and from all ethnic backgrounds, sexual orientation, beliefs, gender identities and disabilities.

If you require more information about our equal opportunities policy or wish to discuss any accessibility requirements or reasonable adjustments please contact the recruitment team – [email protected] and we will be happy to help.