Security Operations Manager London, UK

The role will involve working across a range of areas to support the information security needs of a busy, high‑profile website, as well as an administrative IT environment that supports nearly 1,000 people across 3 office locations with many remote workers. As well as working closely with the other members of the Information Security team, the role will also require extensive engagement across other teams across Rightmove (including IT, Engineering etc.) to ensure security objectives are being met, incidents are being responded to effectively, and our security stance remains strong.

What you'll be doing

• Providing technical leadership and acting as a subject matter expert on information security best‑practice.
• Planning and delivering projects to achieve our information security objectives.
• Collaborating with the IT Infrastructure team on the security elements of migrating Windows estate into Azure.
• Advising our website platform teams on security considerations impacting our website hosting environment in Google Cloud Platform & GKE.
• Working with team members and service providers on SIEM and XDR tooling and establishing processes and playbooks to support incident response and SOC activities.
• Playing a leading role in managing incident response activities and engaging with third‑party DFIR specialists where necessary.
• Leading threat hunts to proactively discover potential compromises before they lead to bad security outcomes.
• Working with team members and external partners on penetration tests and red team engagements to assess our security posture, along with our detection and recovery capabilities.
• Helping to evaluate our response to regulatory/legislative requirements and recommending improvement actions where necessary (e.g. FCA compliance, ISO27001, PCI‑DSS, GDPR etc).
• Keeping up to date with cyber threat intelligence and emerging attack vectors, always evaluating the materiality of the threat to Rightmove and helping shape our response.
• Coaching and developing your people, with regular 1‑to‑1s and continuous feedback.
• Supporting your team members by actively removing blockers.

We're looking for someone who

• Has a passion for Information Security and understands how this is embedded into an organisation.
• Can manage their own workload, making decisions on what tasks need to be prioritised.
• Is confident to communicate and collaborate with internal and external stakeholders, either individually or in group settings, and across a variety of levels of seniority and technical understanding.
• Can reach decisions, even if they are difficult, and is able to provide a clear explanation of the rationale and approach taken.
• Can be trusted to keep confidences, and displays a high level of professional integrity.
• Follows through on commitments and can be relied upon to get things done.
• Is proactive, hands‑on and wants to make things better.

What you'll bring to the role

• Minimum of five years working in a technical security‑based role.
• A high-level Security qualification such as a CISSP, SANS Cyber Defence, EC‑Council Certified Security Analyst, OSCP etc.
• Professional experience in three or more of the following areas (and a willingness to learn about the others):

• Securing Windows, Active Directory and M365 environments
• Container security
• Cloud security (ideally in GCP and/or Azure environments)
• Microsoft 365 security (including Defender, Purview etc.)
• SIEM, SOAR and EDR/ XDR systems
• Strong understanding of networking principles including TCP/IP, DNS etc. and commonly used Internet protocols such as SMTP, HTTP etc.
• Experience working in IT security in a cloud‑hosted environment.
• Good data processing skills – experience with Google SecOps, ELK, Splunk or similar would be beneficial
• Report writing and note taking skills.
• Ability to prioritise both operational and project demands.
• Ability to handle high pressure situations in a productive and professional manner.

Equal Opportunity Employer

As an Equal Opportunity Employer, Rightmove will never discriminate based on age, disability, sex, race, religion or belief, gender reassignment, marriage/civil partnership, pregnancy/maternity or sexual orientation. At Rightmove, we believe that a diverse and inclusive workforce leads to better innovation, productivity and overall success. We are committed to creating a welcoming and inclusive environment for all employees, regardless of their background or identity, to develop and promote a diverse culture that reflects the communities we serve.