Head of Security Monitoring & Threat Hunting

The Head of Security Monitoring & Threat Hunting has overall responsibility of ensuring the proactive monitoring, discovery, and initial investigation of incidents across Admiral.

 You will be responsible for defining & delivering our evolving intelligence led – data driven cyber analytics capability. You will also own overall coordination of these resources to deliver a Threat Led service to the business, deploying resource in-line with the threat landscape to monitor for known threats whilst also coordinating activities to discover previously unknown and evolving threats. Critical to success will be working alongside the Threat Intelligence and the Advanced Threat Engineering teams to provide a comprehensive security wrap fit for a growing and successful FTSE 100 company.

As well as leading the team, the successful candidate will be able to lead by example. You will come from a strong technical background and have moved into lead and managerial positions of technical teams where they have repeatedly and successfully demonstrated the ability to inspire and deliver through others. As an inspirational leader you will be able to set a futuristic vision for your teams, deliver against competing demands in parallel, able to provide senior management with timely and concise briefings concerning technical issues and incidents using language understandable by the business, and develop and set the direction for your technical teams.

In addition to managing the daily operation, the candidates must be able to set a vision for the future which enables the most efficient use of our staff and technical assets, delivering a service which actively looks for threats rather than being a ‘reactive’ service. The development of automation and self-service is one key component to delivering an efficient mission and therefore the candidate must be able to demonstrate previous experience of utilising these principles in order move teams from a reactive stance to a pro-active, threat hunting and business enabling posture.

You will be adept at delivering through others; providing clear direction; setting strategy; developing processes and distilling technical reports for consumption by non-technical audiences. You will question information that others would take on face value and remain inquisitive to improve the likelihood of your teams fully chasing down incidents to confident closure.

You will have at least 5 years’ management experience of technical teams with at least 15 staff and be able to evidence good technical, communication, coaching and leadership practices.

Responsibilities

The role will:

• Lead technical teams – set the vision and direction of the team as an inspirational leader.
• Performance Management - direct management responsibility for the team
• Deputise for the Head of Security Operations & Cyber Defence in their absence
• Contribute to and assist with the implementation of Admiral’s cyber security strategy
• Communicate to the wider business using non-technical language concerning events, risks and processes
• Ensure all security events are investigated and documented to completion
• Improve the efficiency of the day-to-day duties of the Monitoring and Response teams by collecting metrics and evidence from current/past cases and refining telemetry and processes
• Manage a diverse stakeholder list of internal customers, senior leadership team members, partners and IT, Legal, Public Relations contacts to disseminate relevant information and actions
• Be threat led and business risk oriented in developing strategy to align with business goals and their respective priorities.
• Act as a thought leader and technical expert in SOC operations to drive forward novel solutions with a focus on automation, innovation alongside advanced threat analysis and analytics.

Essential Experience/Skills

• 7 years’ experience in any of the following: Cyber security; IT operations; Incident management or crisis management.
• 5 years’ management experience of teams with more than 15 staff
• 5 years’ experience of technical practitioner experience.
• Be able to evidence the successful delivery of a proactive threat hunting security service.
• Have experience of introducing automation to bring efficiency and timeliness to the mission.
• Technical and applicable knowledge of detection analytics including attack paths, tactics, techniques and procedures, with effective counter measures in a financial services environment.
• Proven ability to make decisions and perform complex problem-solving activities under pressure and at pace.
• Understanding of the Cyber Kill Chain, MITRE ATT&CK and other information security defence and intelligence frameworks
• Able to quickly and accurately distil technical reports for consumption by non-technical audiences
• Direct experience of at least one cloud platform such as Microsoft Azure, Amazon AWS or Google GCP.
• A blend of technical and managerial qualifications such as:

• (ISC)2 Certification such as: CISSP, CISM
• CompTIA Certification such as: Security+
• GIAC Certification such as: GCIH, GCIA, GDAT, GCDA, GISP, GCFE

Salary, Benefits and Work-Life Balance

We do not have a set salary for this position, as it will be dependent on the successful candidate’s experience. We are happy to see CVs from all candidates who meet the requirements and will be happy to discuss the remuneration package.

At Admiral, we are proud to be a diverse business where we put our people and customers first. We have great benefits to ensure employees have a great work-life balance; it's one of the reasons why we're consistently voted one of the Sunday Times’ Best Big Companies to work for in the UK. We want you to have an element of freedom to define a working lifestyle that supports this, so accommodate flexible hours wherever possible.

You can also view some of our other key benefits here; https://admiraljobs.co.uk/employee-benefits/.

#LI-LP1