At a Glance
- Tasks: Lead a team to enhance information security across Asta and its clients.
- Company: Join Asta, a leader in innovative security solutions.
- Benefits: Enjoy flexible working, generous holidays, and comprehensive health coverage.
- Other info: Dynamic role with opportunities for professional growth and development.
- Why this job: Make a real impact in cybersecurity while developing your leadership skills.
- Qualifications: 7+ years in cybersecurity with team leadership experience required.
The predicted salary is between 60000 - 80000 £ per year.
The Information Security Tech Lead is responsible for owning and driving the end-to-end information security programme across Asta & its client base. This is a Technical role leading a team of Engineers and provides authoritative security direction across PAM, EDR, SIEM, DLP, identity governance, vulnerability management, and regulatory compliance. The role requires the individual to take responsibility and strengthen Asta’s security posture through hands-on security engineering, continuous monitoring, and effective operational resilience.
The role and the team within this role would make informed, risk-based decisions during security incidents, prioritising alerts, coordinating containment actions, and recommending remediation strategies. They would be expected to deliver infrastructure hardening, threat detection, vulnerability management and support Microsoft 365 security improvements. The successful candidate will be part of the wider infrastructure team and work closely with development teams, clients, risk and compliance to drive security automation, threat detection, incident response, and risk reduction across the enterprise platform stack.
Key Responsibilities
- Security Leadership & Team Management: Lead a team of engineers, setting direction, managing workloads, and developing capability. Act as the primary security escalation point across the Infrastructure function. Own the InfoSec roadmap aligned to Asta’s IT transformation programme.
- Infrastructure Security Engineering & Hardening: Implement and maintain security controls across infrastructure & systems. Harden infrastructure by applying best practices for IAM, PIM, PAM encryption, network security. Review and implement recommendations of security tooling, including AD hardening tools like Ping Castle and Semperis Lightening as well as vendor solutions & systems. Collaborate on implementing & integrating security controls into pipelines including security scans, policy enforcement, and dependency checking.
- Security Monitoring & Incident Response: Monitor security alerts and events from SIEM, EDR, firewall, IDS/IPS, & other security tools. Triage and prioritise alerts based on severity and impact. Investigate security incidents and suspicious activities using log analysis, packet captures, and forensic techniques. Lead containment, eradication, and recovery efforts during security incidents. Maintain alerting for security events & integrate with SIEM/SOAR platforms.
- Security Strategy & Programme Delivery: Define, own, and drive delivery of Asta’s end-to-end security programme spanning PAM, EDR, NDR, SIEM, penetration testing, DLP, and compliance. Translate regulatory obligations (FCA/PRA, Lloyd’s Principle 12, CBEST, ISO 27001, Cyber Essentials) into actionable technical controls and measurable outcomes.
- Client Security Services: Provide security advisory and managed security services to 20+ syndicate and MGA clients including Carbon Underwriting, Dale Underwriting Partners, and Beat Capital. Conduct client security reviews, Secure Score assessments, Semperis/Entra evaluations, and PAM deployment planning. Act as the security escalation point for client-facing security incidents and assurance requests.
- Threat Intelligence & Detection: Stay current with emerging threats, vulnerabilities, attack techniques, and security trends. Apply threat intelligence to improve detection capabilities and identify indicators of compromise. Contribute to threat hunting activities and proactive security monitoring.
- Compliance & Documentation: Support compliance and audits for ISO 27001, NIST, SOC2, Lloyd's Principle 12, and other standards. Prepare incident reports, timelines, reviews, and maintain event logs. Contribute to security documentation, runbooks, and standards. Produce metrics and quarterly reports on security posture and incidents for senior management. Coordinate Cyber Essentials certification and audits. Handle security requests and data sharing from third parties.
- Operational Resilience & DR: Support operational resilience and business continuity planning activities including scenario testing and disaster recovery exercises. Participate in post-incident reviews and implement lessons learned.
- Phishing Campaign Management: Design, implement & manage simulated phishing campaigns to test and improve staff awareness of social engineering threats. Analyse results and identify training needs. Track metrics on phishing resilience and user security awareness.
Skills, Knowledge & Expertise
- 7 years + of hands-on experience with at least 3/4 years in a lead, management, or principal role in cybersecurity, combining security engineering and SOC operations or incident response with experience in regulated industry.
- Demonstrable experience leading and developing a security team.
- Confident communicator able to translate complex security risk into business language for C-suite and board audiences.
- Strong understanding of cybersecurity principles, attack vectors, defense strategies, OWASP Top 10, and the Mitre Attack framework.
- Experience with cloud security (Azure/AWS), IAM, secrets management, encryption, & certificate management.
- Experience with Microsoft 365 security suite including Microsoft Defender, Azure AD Identity Protection, threat analytics, and security compliance tools.
- Hands-on experience with SIEM platforms (Splunk, Crowdstrike (Falcon), Log Rhythm, Sentinel, and Microsoft Defender).
- Experience of working with tools such as Varonis, Tenable, Pentera & external and internal SOC processes.
Job Benefits
At Asta, you’ll enjoy a market-leading benefits package that puts your wellbeing, career development and financial future first. We combine flexible working, strong family-friendly policies and exceptional rewards to create a supportive, inclusive and high-performing workplace. Our benefits include:
- Work-life balance you can rely on: 35-hour working week with hybrid and flexible working.
- Generous holiday allowance that increases with service.
- Your health & wellbeing covered: Private medical insurance with virtual GP access, annual health screening, dental cover and eye care, subsidised gym or sports club membership.
- Support for you and your family: Enhanced maternity, paternity, adoption and shared parental pay.
- Rewarding your contribution: Highly competitive pension with up to 13% employer contribution, life assurance and income protection, discretionary annual bonus scheme, interest-free season ticket loan and salary sacrifice schemes.
Information Security Technical Lead employer: Davies
Asta is an exceptional employer that prioritises the wellbeing and professional growth of its employees, offering a market-leading benefits package that includes flexible working arrangements, generous holiday allowances, and comprehensive health coverage. Located in London, the company fosters a supportive and inclusive work culture, encouraging collaboration and innovation while providing ample opportunities for career development within the dynamic field of information security.
StudySmarter Expert Advice🤫
We think this is how you could land Information Security Technical Lead
✨Get Involved in the Cybersecurity Community
Diving into the cybersecurity community is key for landing that full-time gig. Join forums like Reddit's r/cybersecurity or attend local meetups to connect with industry veterans and other job seekers. Networking is everything in this field—don’t just be a passive lurker!
✨Show Off Your Skills with Capture the Flag Competitions
Participate in Capture the Flag (CTF) competitions; these are not just a fun way to boost your skills but also a chance to showcase your talent to potential employers. Many companies, including Davies, love seeing candidates who actively engage in these challenges.
✨Tailor Your Online Presence
Make sure your LinkedIn and any professional profiles reflect your cybersecurity expertise. Share your projects, whether they’re personal or from a previous role, to catch the eye of hiring managers. This is how they’ll find your passion and commitment to the field!
✨Apply Directly Through Davies
Don’t forget to head straight to our website and check out any openings for cybersecurity roles at Davies. Applying directly can sometimes give you an edge, especially if you can mention that you've been following our work or engaging in the community.
We think you need these skills to ace Information Security Technical Lead
Some tips for your application 🫡
Show off your technical skills:In cybersecurity, it's crucial to highlight your technical prowess. Make sure your CV showcases specific skills like network security, penetration testing, or threat analysis. If you have relevant certifications (like CEH or CISSP), pop those on the front page to grab attention!
Tailor your portfolio for the role:Even for a full-time role, a portfolio can set you apart. If you've worked on any cybersecurity projects—be it CTF challenges, security assessments, or research papers—include these in your application. This demonstrates not just your skills, but also your hands-on experience!
Use real-world examples:When writing your cover letter, don’t just stick to your qualifications. Share real-world examples of how you’ve tackled security issues or vulnerabilities. This gives the hiring team at Davies insight into your practical problem-solving abilities and makes your application memorable.
Demonstrate your passion for cybersecurity:Cybersecurity is an ever-evolving field, so show us that you’re always learning! Mention any recent courses, webinars, or industry events you’ve attended. This not only exhibits your enthusiasm but also signals to Davies that you’re committed to staying ahead in the game.
How to prepare for a job interview at Davies
✨Sharpen Your Technical Skills
For a role in cybersecurity, it’s essential to be up-to-date with the latest tools and techniques. Brush up on your knowledge of firewalls, intrusion detection systems, and vulnerability assessment tools. Be ready to discuss specific scenarios where you’ve applied these skills, as hands-on experience can really set us apart in interviews.
✨Prepare for Scenario-Based Questions
Expect the interviewers at Davies to throw in some hypothetical situations to see how you’d handle them. Think about common security breaches or incidents and be prepared to explain how you would respond. This not only shows your problem-solving skills but also your understanding of real-world cybersecurity challenges.
✨Highlight Your Certifications
Certifications like CompTIA Security+, CISSP, or CEH can give you a significant edge in a full-time role in cybersecurity. Make sure to mention these during your interview and be prepared to discuss what you learned through those certifications and how they relate to the position at Davies.
✨Show Your Passion for Cybersecurity
Since you’re going for a full-time gig, showing genuine enthusiasm for the field can make all the difference. Share any personal projects, blogs, or communities you’re part of that relate to cybersecurity. This not only showcases your passion but also your commitment to staying engaged in this ever-evolving field.