The DFIR Manager role will sit within our Cyber Defence Department and is responsible for leading and managing the Digital Forensics & Incident Response Team. We are looking for someone who has a strong managerial and technical background, with significant experience across all types of incident response with a strong emphasis on cloud. The DFIR manager has overall responsibility for the ability to respond, and for the quality of that response to cyber incidents across EUI Limited.
This role involves overseeing the team's response to security incidents, ensuring that all incidents are handled efficiently and effectively, in line with the organisation's security policies and procedures. The manager will also be responsible for developing and maintaining the incident response plan, coordinating with other departments, and reporting to senior management on incident status and post-incident analysis.
The right candidate will be able to work intuitively with other operational technical teams, providing advanced technical expertise and outputs. When not responding to and managing incidents you will be driving the DFIR team with not only their strategic mission but also to be proactively collaborating with other technical teams to ensure the security of Admiral.
The DFIR team have a diverse set of highly technical functions within it ranging from malware reverse engineering to digital forensics. The manager of this team needs to be able to understand and participate in growing these functions to better the operations team.
Responsibilities
The DFIR manager will:
- Lead the DFIR team, providing guidance and direction during security incidents.
- Develop and maintain the organisation's incident response plan and ensure it is followed during incidents.
- Coordinate with IT, legal, and public relations departments to manage the response to security incidents.
- Provide regular updates to senior management on incident status and any critical issues that arise.
- Conduct post-incident analysis to identify root causes and implement improvements to prevent future incidents.
- Grow the DFIR teams responses using a threat led approach, with considerations for automation, AI, and cloud.
- Push the technical boundaries of the DFIR team, striving to provide enhanced technical output and knowledge to the operations department.
- Proactively lead the team to look for advanced threats and generate protections against them.
- Stay up to date on the changing threat landscape, incorporating new response procedures in accordance.
- Lead, develop and mentor the team and wider, fostering an environment of continuous learning, development, and knowledge sharing.
- Establish and drive the DFIR strategy, aligned to the rest of the security and tech department, inclusive of a growth into cloud, and the use of AI.
Essential Experience/Skills:
- Proven experience in managing a cyber incident response team.
- 2+ years of team management experience.
- 6+ years of experience conducting incident response and forensic investigations.
- 2+ years of experience with incidents in the cloud (Azure and/or GCP).
- Proven experience of driving strategic goals, and stakeholder management including third party relationships.
- Ability to actively manage workloads to meet business and department requirements.
- Strong understanding of security incident response protocols and best practices.
- A demonstrable understanding of the Cyber Kill Chain, MITRE ATT&CK and other information security defence and intelligence frameworks.
- Understanding of enterprise grade technical security controls and defence in depth practices.
- Ability to work under pressure and make critical decisions during security incidents.
- The ability to pick up and learn new technology approaches and make rapid decisions on the best way to use these technology advancements for the betterment of the overall security posture.
Desirable Skills:
- One or more of the following:
- (ISC)2 Certification such as: CISSP, CISM
- CompTIA Certification such as: Security+
- GIAC Certification such as: GCIH, GCIA, GDAT, GCDA, GISP, GCFE
- Familiarity with at least one cloud platform such as Microsoft Azure, Amazon AWS, or Google GCP.
- A working knowledge of financial services and the typical business processes involved together with the threat actors and their relevant tactics, techniques and procedures would be of significant advantage.
Salary, Benefits, and Work-Life Balance
We do not have a set salary for this position, as it will be dependent on the successful candidate’s experience. We are happy to see CVs from all candidates who meet the requirements and will be happy to discuss the remuneration package.
At Admiral, we are proud to be a diverse business where we put our people and customers first. We have great benefits to ensure employees have a great work-life balance; it's one of the reasons we’re consistently voted one of the Sunday Times Best Big Companies to work for in the UK. We want you to have an element of freedom to define a working lifestyle that supports this, so accommodate flexible hours wherever possible.
All colleagues will receive 33 days holiday (including banks holidays) when they join us, and this will increase with length of service, up to a maximum of 38 days (including banks holidays). You also have the option to buy or sell up to five days of annual leave in addition to your allocation.
You can also view some of our other key benefits here.
#LI-KG1
