Incident Manager and Cyber Intelligence

Job purpose:

The purpose of this role to perform technical analysis, incident response and incident management efforts within the Security Operations Center (SOC) and specialist Threat Intelligence activities, responsible for identifying, assessing and providing actionable recommendations to mitigate developing threats.

The role also ensures timely communication of developing threats to stakeholders and management by producing Incident Summaries, strategic and tactical intelligence assessments to support mitigation activities.

Key activities:

Senior Incident Response/Management Responsibilities:

• Manage security incidents from initial detection to resolution, support post-incident analysis and remediation to reduce future risks.
• Implement prompt containment measures within the technical domain to mitigate threats.
• Serve as a technical escalation point for the SOC during complex incidents,

Threat Intelligence (TI) Responsibilities:

• Provide intelligence-based guidance, on containment, eradication, and recovery for sophisticated threats.
• Analyse, track adversary infrastructure, and enhance detection capabilities.
• Develop keen understanding of the threat landscape, threat actor profiles, TTPs, ensuring intelligence is actionable, and guide stakeholder decisions.
• Enhance Threat Intelligence products.
• Identify and track relevant Campaigns/ Threat actors/ Attack vectors/ TTPs etc.

Mentor and Develop Talent:

• Mentor junior team members, fostering a culture of technical excellence, intellectual curiosity, and proactive defence.

Collaboration & Communication

• Collaborate with analysts and subject matter experts to leverage their knowledge and expertise.
• Liaise with internal/external stakeholders to ensure effective communication and alignment on delivering targeted actionable intelligence.
• Maintain & Establish relationship with wider threat intelligence community, information sharing partners etc.

Formal education:

• Bachelor’s degree or higher in Information Security, Computer Science, Computer Engineering, or a related field.

Specialist knowledge (work experience, further qualification):

• A minimum of 5-8 years of experience in cyber security, with a clear progression into specialized, senior roles within demanding environments, preferably the financial sector.
• Expert-level knowledge of the incident response lifecycle, with hands-on experience managing sophisticated, real-world security incidents.
• Proven, demonstrable track record of establishing security frameworks from the ground up, particularly in Threat Intelligence, or Threat Hunting.
• Mastery of cybersecurity frameworks, such as MITREATT&CK, Cyber Kill Chain, Diamond Model, and a history of applying them to build threat profiles and prioritize threats.
• Proficiency with enterprise security technologies, including EDR platforms, SIEMs, TIPs
• The following certifications are desired: CISSP, GCTI, GREM, GEIR.