Blue Team Leader in York

Build a brilliant future with Hiscox.

The Blue Team Leader works in our Cyber Fusion Centre, and plays a pivotal role in the protection of our business assets and interests from cyber threats. You will focus on the development of our proactive and defensive capabilities, orchestrating security operations and optimising the efforts of our Blue Team. You will support in the development and implementation of our overall cybersecurity strategy, and plan activities and initiatives to meet our business security objectives. You will need to be naturally inquisitive, have a comprehensive understanding of the latest cyber threats and how to counter them. You will also be a member of our Cyber Incident Response Team (CIRT) and will need to lead our initial response.

You will work closely with our Red Team Leader and Cyber Delivery Leader to identify threats and vulnerabilities present in our network and systems, and turn these into a pipeline of continuous improvement for our cyber defences. You will also work closely with our Head of Cyber Fusion Centre to co-ordinate daily activities in support of their primary objectives. You will also be responsible for working with project delivery teams from across our business, where you will provide expert technical security advice and guidance and support their onboarding activities to the Fusion Centre. You will need hands-on experience working with a multitude of different security technologies, be able to lead and coach your team of analysts and be able to work in a high-paced operational environment.

The role is based in either York (UK) or Lisbon (Portugal) and is a permanent position. Travel to other team locations will be required as necessary.

• Direct and guide the Blue Team in their daily operations, ensuring alignment with our business security objectives and latest threat intelligence.
• Oversee the continuous monitoring of our networks and systems for security breaches or anomalies.
• Design and maintain incident response plans to address and mitigate potential security breaches.
• Co-ordinate Blue Team exercises to ensure analysts are confident in detecting and responding to cyber threats, and that we have the required data points needed to support detection of potential incidents.
• Allocate and manage resources effectively to ensure optimal team performance and address any skill, performance or resource gaps.
• Perform routine gap analysis of detection use cases and identify new data sources for onboarding to the SIEM platform to ensure observability of the latest TTPs.
• Leverage actionable threat intelligence to develop new detection use cases to support the ongoing continuous improvement of our SIEM capabilities.
• Ensure the operational resilience of our proactive and defensive cyber capabilities, including our technology, people and process used to support detection and response.
• Lead initial response to detection of security incidents, ensuring timely and effective resolution, escalation where necessary and perform any post incident analysis for lessons learned.
• Coach and mentor your team to support their professional development, fostering an environment of continuous learning and improvement.
• Develop and maintain our security operations policies, processes and playbooks.
• Maintain an up-to-date knowledge of the latest security tools and technologies, and how these could be used to mitigate our priority threats.
• Provide regular reports on security status, incidents and KRIs to senior management and stakeholders.

• 6+ years experience in a security operations team, preferably 2 years in a management role.
• Demonstrable experience leading response to security incidents and breaches.
• Excellent understanding of defensive security strategies and cyber incident response processes.
• Excellent working knowledge of SIEM based tools and technologies.
• Excellent working knowledge of EDR and XDR technologies.
• Excellent working knowledge of firewalls and other network security appliances.
• Excellent problem solving and analytical skills, with the ability to make sound decisions under pressure.
• Excellent leadership and management skills, with strong communications and interpersonal skills.
• Good understanding of forensics technologies and processes.
• BSc or MSc in Cybersecurity is highly desirable.
• Advanced cyber certifications such as CISSP, CISM, GCIH and GPEN are desirable.
• Industry recognised security vendor certifications are desirable.

At Hiscox we care about our people. We hire the best people for the job and we’re committed to diversity and creating a truly inclusive culture, which we believe drives success. Working life doesn’t always have to be in the office, so we have introduced hybrid working to encourage a healthy work life balance. This hybrid working model is set by the team rather than the business to enable you to manage your own personal work-life balance. We see it as the best of both worlds; structure and sociability on one hand, and independence and flexibility on the other. Our benefits package includes a bonus, contributory pension, 25 days annual leave plus 2 Hiscox days and a 4 week paid sabbatical with every 5 years’ worth of service, private medical for all the family and much more. Work with amazing people and be part of a unique culture.