Public Sector | 25-9-2024
Location: London or Milton Keynes or East Kilbride (Hybrid working)
As cyber security threats materialise, the CSOC initiates the Incident Response (IR) process. The key stages of IR are building situational awareness, containing the threat, and carrying out recovery and prevention measures. Incident management and response allow the organisation to recover from a crisis in the shortest achievable timeframe and with the least business impact. Activities include security analysis, artefact discovery, forensic evidence collection, corrective measures, co-ordination of remediation teams and reporting.
Service output and deliverables:
The service delivers the capability to respond to incidents, with the primary focus on containment and recovery. Outputs include detailed incident reports, corrective security controls and security posture reviews arising from Post Incident Review actions.
The IR coordinator typically handles the following tasks when the organisation responds to a security incident:
• Record and track the progress of all active security incidents.
• Support the initial triage of security incidents.
• Coordinate the actions of other CSOC team members, disseminate information as necessary and ensure a wide range of stakeholders is engaged.
• Provide status updates to relevant parties who are not members of the CSOC team.
• Provide expertise where necessary, either by offering guidance from personal knowledge and experience or by channelling information from the relevant subject matter expert.
• Support the production of weekly and monthly incident status updates and reports.
• Gather post incident evidence and support post incident analysis and lessons learnt.
The IR coordinator's overall responsibility is to keep the incident response process moving forward.
Desired Experience:
• Previous experience working within Government
• Previous experience working within an incident management or SOC environment
• Experience of Incident handling and/or co-ordination
• Risk management experience
Technical experience:
• Splunk (or another SIEM)
• MS Defender
• Qualys (or another vulnerability management tool)
• MS Azure
• ServiceNow