Cyber Defence Blue Team Manager

Job Description

The Company:

Our client is one of Ireland's leading retail and SME banks. Their focus is centred on ensuring we deliver what our customers, colleagues and communities need to be successful.

 

Your Role:

Our client has embarked on a significant digital transformation programme which will lead to enhanced customer experience, through re-development of the delivery channels and the ongoing evolution of the bank's infrastructure and operations in order to provide cost-effective, secure and resilient services to our customers.

The Cyber Defence Blue Team Manager will join the management team in Group Technology for managing the day-to-day operations of the Blue team and reporting directly to the Senior Manager, Cyber Defence Centre. Working with key stakeholders across Group Technology and the wider Enterprise, the role has responsibility for 24x7 protection of the bank's critical assets against cyber threats. The successful candidate will have the opportunity to lead and influence cyber defence and response tactics, a centralised strategy for enterprise incident response within PTSB and, working with Group Technology colleagues, defend the bank's network during a breach by isolating infected systems and preventing lateral spread to other devices.

 

Your Team:

You will report to the Senior Manager of Cyber Defence Centre and will work closely with the Cyber Threat Intelligence and Red Teams within the Cyber Defence Centre to coordinate the evaluation activities to assess system security, defence and response capabilities in an objective manner.

 

Your Responsibilities:

As a member of Cyber Defence Centre team, the Cyber Defence Blue Team Manage will be responsible to deliver the objectives of cyber detection and response areas to safeguard the bank's information assets.

• Manage and deliver 24 x 7 threat detection and response function including the ASOC (advanced security operation centre) service, protecting hte bank's information from outside threats.
• Lead the blue team specialists to deliver timely detection of security events and respond as per response procedure/playbooks.
• Working with Security Operations Centre, handling the escalations on monitored events and bring in response support from other remediation teams as per the SLA.
• Maintain on-call support rota to provide off-business hours escalation coverage.
• Working with Red and Threat Intel team within Cyber Defense Centre to deliver next generation SOC services.
• Maintain the detection configurations in SIEM to cover the most updated TTPs relevant for the bank.
• Experience in delivering detection and response service (XDR) using advanced tool stack of SIEM, EDR, NDR and other security solutions.
• Maintain the runbooks/playbooks for timely response to cyber incidents.
• Playing the role of Incident response manager during major incident scenario to orchestrate and coordinate with remediation teams for timely restoration of impacted business services.
• Responsible to deliver the compliance requirement intern, ally and externally (RCSA, Regulatory reporting)
• Being key point of contact, participate in Cyber and Digital resilience projects to deliver cyber maturity and DORA compliance requirements.
• Responsible to deliver timely reporting of KPIs/KRIs and perform monthly service reviews with applicable service providers.
• Provide audit support for internal and external audits.
• Maintain high performance team with blue team specialist and continuously upskill them to deliver the ever-evolving cyber needs.

 

Requirements:

Essential

• 5 years of experience as a Blue team manager using threat management and incident handling frameworks; additional experience with security monitoring (SIEM, IDS/IPS etc.), security orchestration, automation, and response (SOAR), and incident response / digital investigation preferably within a regulated industry.
• Strong knowledge of attacker methodologies and tactics such as the MITRE ATT&CK framework, with experience in mitigating and addressing threats
• Proven experience in incident handling and response
• Ready to handle escalation from SOC for cyber incident handling.
• Good experience in managed detection and response service using Industry leading industry leading tool stack (SIEM: LogRhythm/MS Sentinel; XDR: Microsoft Defender; NDR)
• Practical experience in data processing and automation of scripting
• Prior experience in large scale implementation of security tools
• Fundamental understanding of wired and wireless network protocols, covert channels
• Fundamental understanding of Unix/Linux/Mac/Windows operating systems
• Robust technical foundational knowledge that includes network communications, operating systems, and remote access technologies
• Demonstrated experience with system level vulnerability scanning tools
• Strong knowledge of security controls and services in AWS, Azure and other cloud platforms
• Practical experience in DevOps, infrastructure as code, CI/CD, API integrations
• Fundamental understanding and practical experience of attack scenarios and flows including pivoting, privilege escalation, social engineering, phishing, malware attacks etc.
• Command-line experience with Linux-based operating systems
• Experience identifying and remediating vulnerabilities in at least two of the following areas:
  • Web applications
  • Cloud environments (GCP / AWS)
  • Linux and/or MacOS workstations
  • Software supply chain
• An adversarial mindset - you must be able to put yourself in the mind of the attacker
• Highly effective at verbal and written communications, influencing at all levels, and reporting technical concepts to non-technical colleagues
• Strong influencing capabilities; strong ability to build positive relationships internally and externally, in-person and virtually
• Demonstrated ability to work both independently and within an organization
• Ability to summarise technical information effectively to different constituencies such as Threat Intelligence teams, Red Team, executive management and technical staff, both in written and verbal forms
• Ability to lead and mentor a team
• Solid experience at managing complex activities
• Strong analytical ability and a fact-based approach to decision-making
• The ability to multi-task, prioritise and maintain a relentless focus on driving towards a positive outcome
• Demonstrate a high level of attention to detail and accuracy
• Ability to think creatively and laterally in order to solve problems
• Demonstrate ability to lead in a team environment with changing priorities and time pressures

Desired

• Bachelor's/ Master's degree in Cybersecurity, Information Technology, Computer Science, Computer Engineering, Information Assurance, Electrical and Computer Engineering or relevant/equivalent industry certifications
• One or more of the following certifications (EC Council certifications - CEH, CSA, CHFI, CTIA, CND v2; SANS GIAC, CREST, SEC450, offensive-Security certifications such as OSCP etc.), Microsoft Certified: Azure Administrator Associate, Azure Security Engineer Associate
• Keen, proactive and driven philosophy
• Disciplined and system-driven management model: organised, efficient, effective, focused, balanced and comprehensive understanding of the macro-economic and market environment in which the bank operates.

Morgan McKinley is acting as an Employment Agency and references to pay rates are indicative.

BY APPLYING FOR THIS ROLE YOU ARE AGREEING TO OUR TERMS OF SERVICE WHICH TOGETHER WITH OUR PRIVACY STATEMENT GOVERN YOUR USE OF MORGAN MCKINLEY SERVICES.