Cyber Incident Response Team Manager in Manchester

We are PXC, the UK’s largest provider of wholesale connectivity. Our vision is to be the UK’s #1 wholesale platform, a one-stop shop provider of connectivity, voice, cloud and security underpinned by the UK’s most robust, secure, resilient and reliable network. Born from the combination of Virtual1 and TalkTalk’s wholesale services and national network business, we operate across our 3 core sites (Salford, London and Skopje, North Macedonia). Our mission is clear, to be the UK’s best company to work for and best to work with. We believe this success is driven by the power of our employees. We empower our people to become true experts in their field who embody our values every day: we care; we challenge; we commit.

Cyber security is a real and growing threat to all businesses. Maintaining an effective security capability is critical for PXC and its customers. The CIRT Manager will lead the teams responsible for security incident escalations, intrusion analysis, threat intelligence, insider threat monitoring, forensic investigation, security operations tooling orchestration and automation. In addition, this role will be key for supporting product development of cyber security related products and services as well as accountable for building the tooling and response packages for any product(s) that need to be supported by Security operations teams. The CIRT Manager will be adaptable to the changing Security landscape and have excellent verbal and written presentation skills in relation to communication of technical findings to senior stakeholders. They will enjoy mentoring more junior colleagues to promote growth and development within the team. The role is based in the PXC main office, in Salford, and is aligned with PXC’s dynamic working policy.

About the Team: The CIRT team identifies and responds to security threats affecting the PXC and partner environments, though interaction with disparate sources, including cyber threat sensors and threat intelligence data. We implement containment, eradication, recovery, forensic and post incident measures commensurate with the threat to business operations, whilst coordinating and escalating to business partners as appropriate. The team is also responsible for ensuring that effective and efficient incident response platforms and controls are available to all colleagues across Technical and Security Operations (TSOC) and CIRT. This includes identification, development and implementation of appropriate Security technologies, processes and procedures, onboarding of Technologies initiated by other areas requiring Security monitoring, as well as driving the CIRT Strategy for the business. In addition, the team is also responsible for several areas of testing/simulation to ensure that our Team and Controls are operating optimally, as well as driving evaluation and implementation of new security products PXC wish to offer to its customers in the future.

Key Responsibilities:

• Define the yearly CIRT strategy, aligned to the wider Security team strategy and aimed at identifying key opportunities for continual improvement across Detect and Respond capabilities.
• Responsibility for ensuring our responses (both TSOC and CIRT) are adaptable & optimised to current external threats, based on up-to-date and reliable Cyber Threat intel sources.
• Ensure Incident response and related communication procedures are adhered to throughout incident lifecycles, whilst leading on complex incident response and related post-incident activities following incident resolution.
• Lead the Operational Security team onboarding of new services or platforms aligned to the Security Programme, providing complex engineering analysis and support for the establishment of operational security controls.
• Maximise current security technology investments, ensuring their full capabilities are realised whilst embracing the potential to develop additional associated automation capabilities in relation to incident response maturity and are managed in line with established quality and operational requirements throughout their lifecycle, including change management, appropriate Operational processes and via defined SLAs.
• Lead the technical development of specialist operational roles (e.g. security monitoring, forensics, malware analysis, threat intelligence, proactive hunting) to ensure we have highly skilled, situationally aware personnel.
• Work with the TSOC team and Security SMEs to ensure all day-to-day operational Security activities are delivered in an efficient and effective manner, ensuring that in-scope knowledge transfer and training has been provisioned to all operational Security teams, to support the Strategic aim of Cross Skilling the 24x7 team whilst identifying and leading on CSI for the team.
• Ensure that the Security Ops knowledge management system for Security processes, operating procedures, knowledgebase and interface documents for external Security partners, can be used intuitively and efficiently by all Security Ops personnel.
• Manage the Blue team response to Red team testing, ensuring Post Incident Reviews and appropriate Lessons learnt actions are completed.
• Ensure appropriate CIRT team involvement in the development and implementation of Cyber Threat Tabletop and Simulation testing exercises, whilst working with SMEs to define and maintain Mitre Att&ck framework-based security control testing.
• Lead on Security Case Management control selection initiatives accounting for current and future team, industry and business demands, and including but not limited to gathering of Functional and Non-Functional requirements for new internal Security products, in addition to leading on renewal conversations for existing Security controls.
• Lead the establishment of new Security Managed Services and Products, liaising with Pre-Sales, Sales, Product Managers, Account Managers, Commercial teams, Ops Centre Management and Security SMEs to ensure appropriately scoped, revenue generating products are available to our customers, with developed support processes and procedures for the PXC TSOC.
• Involvement in preparing for and attending regular audit meetings on behalf of SOAR dept regarding tooling and Security Ops Procedures.

What Will Make You Successful in this Role:

• Proven experience leading a cyber incident response team
• L3/Tier 3 incident response experience
• Knowledge and understanding of threat and intelligence processes, playbooks and detection engineering
• Knowledge and understanding of digital forensics pipelines and processes
• SIEM & SOAR experience (ideally Google SecOps)
• Telco experience preferred but not essential

How we look after our employees:

• Our hybrid working policy offers you flexibility to work from home as well as connecting with your colleagues in one of our accessible and collaborative office spaces
• A starting holiday allowance of 25 days* holiday and up to 10 extra days* leave via our holiday purchase scheme
• Flex30, an additional 30 hours* of leave every year for you to use how you wish
• Free private healthcare for all employees, competitive pension scheme and the opportunity to earn bonus
• Free broadband for all employees plus gifts for major life events such as marriages and births
• Flexible salary sacrifice scheme including dental, gym plus a huge range of shopping and leisure discounts so you can save even more cash

(* Days and hours are based on a full-time employee’s working pattern and leave is pro-rated for part-time employee)

At PXC, we know that diversity means success and innovation. We want our workplace to reflect the communities and customer we serve. Being inclusive is part of our DNA; we are all 100% human, and we create a culture where you can truly be yourself. We’re also not your usual 9-5. We are a dynamic workplace and we want to talk to you about how you like to work.