Security Incident Response/Threat Hunter

  • Location

    United Kingdom

  • Sector:

    Engineering, IT

  • Job type:

    Permanent

  • Salary:

    Competitive salary + Excellent Benefits

  • Published:

    about 1 month ago

  • Expiry date:

    2021-04-08

  • Client:

    Gymshark

Gymshark HQ is based in Solihull; however, this role can be both flexible and remote. There will be an expectation (post-Covid, dependent on government guidelines) for the successful candidate to be flexible and open to coming into HQ occasionally.

As Gymshark’s Security Incident Response/Threat Hunter, you will be responsible for managing incidents escalated from the SOC or through proactive threat hunting, identifying, assessing, and reporting on possible threats that could impact Gymshark’s systems.

We have an ambitious strategy that will transform Gymshark's Incident Response and Threat & Vulnerability capability. This role will therefore work closely with the programme work streams to help deliver tangible risk reduction for Gymshark.

What You Will Be Doing

Management and Support: 

  • Act as Incident Response leader providing clear communications to stakeholders.
  • Perform root cause analysis to identify gaps and provide recommendations that will reduce Gymshark’s exposure to cyber-risks.
  • Support 'game day' exercises to test and validate incident response readiness.
  • Collaborate with Technical and non-technical stakeholders to develop and agree effective mitigation plans for incident resolution.
  • Establish, advise and coordinate task forces of cross-functional technical resources to respond to the highest-risk and most complex threats, contributing specialist technical knowledge.
  • Stay current with the critical threats to our in-house and cloud-based IT solutions by continually analysing cyber threat intelligence sources.

Strategy: 

  • Support the delivery of global SIEM logging and analysis to identify breaches or malicious activity on network or cloud infrastructure, both internal and customer-facing.
  • Identify technical and procedural enhancements and opportunities to continuously improve the capability of the Incident Response and Threat Hunting function.
  • Promote a proactive approach to addressing the changing threat landscape by highlighting architectural improvements to security infrastructure through threat and risk analysis.
  • Produce executive level reporting, documenting incident outcomes and threat hunt discoveries.

Collaboration: 

  • Ability to maintain cross-functional relationships in a continuously expanding organisational structure.
  • Ability to work with internal staff and third parties to define and deliver risk reduction strategies.
  • Excellent communication skills, with the ability to explain technical security incidents and discovered threats in business risk terms aligned to the audience.
  • Work closely with the SOC to develop use-cases and improve overall efficiency of the Cyber Threat Hunting processes.

Analytics:

  • Use incident data and threat analytics to measure the effectiveness of tools and policies, to help understand the landscape for further improvement.
  • Provide subject matter expertise on cyber threats to support current analytic operations and initiatives.
  • Perform open-source threat collection and analysis activities identifying indications of cyber threats, malicious code, malicious websites, and vulnerabilities pertinent to Gymshark.
  • Incorporate the relevant intelligence provided by both internal teams and external stakeholders to assist the Security architecture and Security Monitoring functions to deliver enhanced proactive and reactive operations to mitigate against current and emerging threats.
  • Research new and existing threat actors and their associated tactics, techniques, and procedures (TTPs), and their impact on the business.
  • Hunt for malicious and anomalous activity across the enterprise and provide custom detections to identify future occurrences.
  • Utilise tools and analysis to identify breaches or near misses on the network, client machines or cloud infrastructure.
  • Benchmark Gymshark against key compliance legislation and global security standards.

Knowledge and Opportunity: 

  • Hands-on experience in analysing and responding to incidents.
  • Experience in managing stakeholders in critical situations to ensure effective resolution during incidents.
  • Experience working in a SOC, preferably managing a team.
  • Act as a Subject Matter Expert (SME) in all matters related to Incident Response and Threat Hunting.
  • Attend relevant third-party events and webinars to further knowledge, skills and contacts within the industry.

Other Duties: 

  • Provide guidance, advice and feedback on security tooling and services.
  • Be a champion for the function.
  • Work outside of hours where necessary or required.
  • Identify areas where training or certification is required and proactively arrange it once identified.
  • Lead by example on best practices and technology policy.

What You'll Need

  • Own, or be working towards, an industry-recognised qualification such as GCFA, GNFA, GCIH, OSCP, CISSP or CCSP.
  • Experience within a Cyber Security team, including incident detection and response and proactive hunting.
  • Knowledge of the OWASP Top 10, the Cyber Kill Chain, the MITRE ATT&CK framework, and penetration testing.
  • Experience working in a SOC, preferably leading on incident response.
  • General knowledge of current and emerging security technologies; strong information security knowledge including web, network and endpoint protocols.
  • Sound operational knowledge of SIEM, firewalls, intrusion detection and vulnerability management systems.
  • High level of organisational skills.
  • Work collaboratively with local and international technical and non-technical teams to align on global projects and joint tasks.
  • Experience in supporting a mid-sized HQ and satellite office user base with all security-related questions and queries.
  • Provide support for Gymshark's security identity systems in the event of emergencies, occasionally out of hours if urgent.
  • Ability to work collaboratively with other team members to deliver immediate tasks.
  • Commercial awareness and creative problem solving, with the ability to think laterally and understand the cost and value drivers within a competitive business environment.