Job description
Who is offering this opportunity?
At DXC Technology, delivering excellence for our customers and colleagues is more than just a motto, it’s something we strive towards constantly through our work. Every day we deliver mission critical services in a secure environment whilst promoting our people first agenda, a real sense of community and a healthy work-life balance. Our consistently positive customer feedback and continuous growth helps us cement our place as one of the world’s leading IT solutions enterprises, helping us deliver services and solutions in both challenging and exciting situations.
We believe that hiring a diverse team is crucial to our success and our recruiting decisions are based on your skills and experience as an individual. We actively encourage consistent growth on our journey towards a culture of inclusion and recognize that the people we employ are vital to providing a great customer experience. As such, we have a variety of training, support, and tools available to aid in your continual personal and professional development. Our ongoing goal is to drive innovation and modernize operations across the board, which includes furthering the skills of our colleagues. At DXC, building a better you, builds a better us.
The role:
The Security Advice and Incident Office (SAIO) team has the responsibility for responding to, coordinating and investigating Security Incidents across the UK Defence MODNET systems at all levels. The team is responsible solely to the Defence Customer and provides front line triage capability operationally to key MOD stakeholders, delivering real time security oversight across Defence.
You will be responsible for the end-to-end management of the security incident life cycle, overseeing each of the relevant stages from triage through to closure, identifying patterns from trend analysis, contributing to wider information exploitation, and assisting the Customer in formulating future secure processes and improvements to operating procedures.
You will be responsible for providing security incident reports and metrics concerning security incidents and investigations to the SAIO Team Lead and the UK Secure Account Customer.
You will provide a professional interface with the customer, the SAIO team and wider OSM and MSP construct, being a point of contact for operational security advice and guidance. You will also be responsible for escalations of incidents as and when necessary to the appropriate authority.
Responsibilities
As part of the Security Advice and Incident Office team, you will:
- Co-ordinate and Investigate Security Incidents through to completion
- Work with other resolver groups to respond to and investigate security incidents.
- Review alerts, security incidents and logs from various sources when required and conduct triage and analysis.
- Monitor and manage functional mailboxes and respond to email enquiries from the account and clients.
- Review and raise security incidents in ticketing systems.
- Whilst managing security incidents, liaise with other DXC/OSM and Customer security teams such as Cyber Threat Advisory Centre (CTAC), SCS Security Engineering, Threat Hunt and Digital Forensic Investigation Teams.
- Assist in the completion of weekly and monthly reporting to agreed timescales and quality
- Compile and present reports using Microsoft PowerPoint and Excel.
- Routinely review security incidents to perform trend analysis and to enhance IX, make recommendations to the Customer and other associated Security teams for potential security improvements or sales opportunities
- Respond to incidents as per Customer Security Operating procedures and SAIO Security Processes.
- Collate and promulgate, both internally and externally, Customer Security products and ensure a timely and accurate response to Customer Security Directives.
- Manage security oversight of Engineering Password control, ensuring correct CR status, security clearance checks and secure password allocation.
- Act as an escalation point / mentor for any specialists working on the account
- Lead on complex and sensitive incidents when required and ensure that processes are updated or reviewed to ensure that any lessons learnt are documented and repeatable.
- Take responsibility for the SAIO processes on the Customer account and subject them to regular review.
- Ensure that all obligations are covered off (for instance monthly reporting) to the agreed timescales and ensure that SLAs, where recognised, are met.
- Ensure that the SAIO TL and CISO are informed of all relevant Security Incidents and kept apprised of especially sensitive issues.
- Make sure that you are a team player; the key to successful Security Incident management is Communication across the team.
- Ensure that all security services provided by you are delivered in line with contractual requirements.
- Ensure that you have the right allocation of work, and that you are chargeable for the work being performed.
- There will be a requirement that you can provide standby (on-call) cover whilst working on an agreed rota to cover high severity security incidents
Training
- Ensure that you perform any mandatory training in line with Enterprise / Practice requirements and deadlines
- Maintain a watching brief on the wider threat environment and real-world events that may affect and impact the service you provide.
- Show enthusiasm and a desire to develop your skillset and knowledge base, and help other team members to achieve this too.
Person Specifications
Essential:
- Willingness to learn security incident management skills.
- Possess good analytical skills.
- Enthusiastic and committed approach with a track record of building strong, trusted base relationships with colleagues and stakeholders at all levels
- A good working knowledge of the UK Secure Customer and how Defence works.
- Self-motivated and an ability to keep up to date with latest security threats and vulnerabilities and trends.
- Excellent communication, influencing, negotiating and engagement skills
- Sound judgement and decision-making skills, with a ‘hands on’, problem solving approach, able to remain calm under pressure and own security incidents
- Ability to work to tight timescales.
- Experience of writing procedures and reports.
- Ability to work as part of a team, as well as independently.
- Able to achieve DV Security Clearance
Desirable:
- A wider understanding of how the UK Secure Customer works and what their expectations are – understanding Defence, proven experience working within the Civil Service and/or Police or Security agencies.
- A genuine desire to work, increase your wider Cyber Security awareness and share process, and a willingness to improve your working knowledge and experience of security incident handling.
- Outstanding Communication skills – the key to success in the Security Incident management arena is the ability to Communicate at all levels.