Senior Cybersecurity Operations Specialist in London

Overview: The client is a leading agency driving their clients' initiatives and public sector digital transformation. As the Centre of Excellence for Infocomm Technology and Smart Systems (ICT & SS), the client develops capabilities in Data Science & Artificial Intelligence, Application Development, Smart City Technology, Digital Infrastructure, and Cybersecurity. The client offers the successful candidate a purposeful career to make lives better, empowering people to master their craft through robust learning and development opportunities all year round.

Responsibilities:

• Incident Management & Response Standardisation
  • Unified Playbooks: Establish and maintain company-wide Incident Response (IR) playbooks for diverse threat scenarios (e.g., Ransomware, Data Exfiltration, Cloud breaches).
  • Crisis Leadership: Provide direct guidance and technical oversight to agencies during High and Critical severity incidents, ensuring timely reporting and effective containment.
  • Incident Governance: Work with clients to establish clear command structures and roles, empowering leaders to make difficult, high-stakes decisions during a crisis.
• Operational Readiness & Resiliency Testing
  • Advanced Exercises: Design and oversee high-quality Tabletop Exercises (TTX) for various stakeholders, evaluating external vendors to ensure these exercises are realistic, comprehensive, and push the firm's limits.
  • Chaos Testing: Drive the adoption of chaos testing across agencies to validate the adequacy of resiliency plans and identify hidden failure points in critical systems.
  • Capability Building: Continuously assess the operational readiness of the Ministry Family and lead initiatives to bridge identified gaps in incident management.
• Continuous Monitoring & Asset Governance
  • Centralised Monitoring: Ensure all Ministry systems are effectively onboarded to central monitoring services, working with system owners on overcoming challenges encountered during onboarding.
  • Asset Visibility: Partner with clients to maintain a robust and updated IT asset inventory, ensuring that "you cannot protect what you do not know."
  • Custom Threat Scenarios: Provide expert guidance for clients with unique threat use cases or specialised systems (e.g., OT/ICS) that fall outside standard monitoring coverage, helping them build bespoke detection capabilities.
• Vulnerability & Attack Surface Management
  • Full-Spectrum SOPs: Establish Standard Operating Procedures for vulnerability management across on-premises, cloud (GCC), and OT environments, ensuring proper procedures for managing unpatched vulnerabilities.
  • Attack Surface Scanning: Ensure agencies deploy adequate internal and external scanning tools, overseeing the workflow for finding prioritisation and validating that patches are applied and effective.
• Advocacy & Education
  • Resilience Culture: Educate agency stakeholders on the critical importance of Response and Business Continuity Planning (BCP).
  • Stakeholder Inculcation: Foster a mindset of "assumed breach," ensuring project owners and agency leaders understand their roles in threat monitoring and incident management.

Experience:

• Years of Experience: 8 to 10 years of deep experience in Cybersecurity Operations, SOC Management, or Incident Response.
• Crisis Management: Proven track record of leading or providing technical oversight in high-pressure, high-severity security incidents.
• Domain Expertise: Experience managing security operations across complex hybrid environments (On-premise, Cloud, and OT).

Technical Skills:

• Incident Response & Forensics: Mastery of IR methodologies and a strong understanding of digital forensics and malware analysis.
• Threat Intelligence & TTPs: Deep knowledge of the threat landscape and the ability to map monitoring use cases to the MITRE ATT&CK framework.
• Vulnerability & Exploitation Research: Deep understanding of the CVE (Common Vulnerabilities and Exposures) system and CVSS scoring, knowledge of exploitation techniques, and the mechanics of how vulnerabilities are weaponised by threat actors.
• Detection Technologies: Proficiency in SIEM, SOAR, XDR, and EDR technologies, with the ability to evaluate the relevancy of existing monitoring tools against evolving threats.
• Cloud Operations: Strong understanding of monitoring and responding to incidents within clients' domains.
• Certifications: Professional certifications such as GCIH (GIAC Certified Incident Handler), GCFA (GIAC Certified Forensic Analyst), CHFI, or CISSP are highly desirable.

Soft Skills:

• Command & Control: Ability to remain calm and provide clear, authoritative guidance during high-stakes security crises.
• Diplomacy & Education: Skill in translating operational needs into strategic priorities for clients.
• Strategic Foresight: A strong interest in emerging security technologies and the ability to proactively adapt monitoring strategies to counter new actor TTPs.