Digital Forensic and Incident Response (DFIR) Manager
London Cannon Street
AVEVA
At AVEVA, we work with you and harness the power of our ecosystem to deliver solutions and expertise to optimize engineering, operations and performance. AVEVA is creating software trusted by over 90% of leading industrial companies.
Position: Digital Forensic and Incident Response (DFIR) Manager
Location: London (Hybrid)
Employment type: Full-time regular
The Job
The DFIR Manager will provide leadership and mentorship to Digital Forensic Responder and Incident Response analysts as needed to develop a world-class response capability across the enterprise. He/she will be responsible for coordinating response activities across Cyber Security Response teams and with key stakeholders to identify and remediate potential threats while overseeing response and Cyber Security Response Analysts activity during cyber security incident response.
Responsibilities:
- Manage and supervise Cyber Security Response Analyst team in proactively identifying, investigating, and hunting potential attacks and security risks on AVEVA networks and systems using various platform dashboards and threat feeds.
- Manage and supervise Cyber Security Response Analyst team on analysis of security events as detected by various security controls, monitoring, and recording security events in daily, weekly, monthly, and quarterly reports.
- Manage and supervise Cyber Security Response Analyst team on analysis of escalated security events, notifications, and alerts from managed Security Operation Centre (SOC).
- Manage and supervise Digital Forensic Responder on incident triage process through the examination and analysis of digital evidence and artifacts.
- Manage and supervise Digital Forensic Responder on e-discovery and forensic processes to include identification, collection, preservation, and processing of relevant incident data.
- Manage and supervise Digital Forensic Responder on immediate host-based and network-based forensic examinations and malware reverse engineering on security incidents to determine the root cause and to reconstruct a timeline of events to facilitate incident response and recovery.
- Manage and supervise Digital Forensic Responder on performing malware analysis and reverse engineering as directed in a safe and secure environment.
- Supervise Digital Forensic Responder to conduct forensic collection and analysis of all supported devices, including but not limited to Linux, Windows, and Apple workstations, servers, as well as iOS and Android mobile devices, both online and offline, in support of the AVEVA Incident Response process.
- Supervise and collaborate with Cyber Security DFIR team on creating and maintaining information security operations process, procedure, and checklist documentation, such as incident response plan and playbook.
- Supervise and collaborate with Cyber Security DFIR team on incident response using an AVEVA-defined Security Incident Response framework such as NIST.
- Reports to Security Incident Manager on concerning security events, incident trends, residual risk, vulnerabilities, and other security exposures, including misuse of information assets and noncompliance.
- Works with the AVEVA Infrastructure Operations team and any required partners/business functions such as R&D to resolve security events, incidents, and service requests.
- Ensures Cyber Security DFIR team complies with security processes and procedures and supports service-level agreements (SLAs) to ensure that security controls are managed and maintained.
- Contributes through security advisories, blogs, and other communication channels on current and emerging security threats to AVEVA assets and people via the security awareness program.
- Be available to provide reactive support to critical security incidents outside standard business hours as part of a rota.
Skills and Qualifications:
- Minimum two (2) years of experience leading or managing technical teams in the following subject areas: vulnerabilities, exploitation, and remediation, network traffic and node analysis, insider threat, ransomware, supply-chain attacks, data exfiltration, web-focused security topics, advanced persistent threat (APT), spear phishing, and credential compromise techniques.
- Minimum of five years of information and cyber security experience in a Security Analyst and Incident Response, Security Threat Hunting, or Security Operations Centre analyst role.
- Bachelor's degree in information systems or equivalent work experience in relevant information and cyber security domain.
- Security certification from a recognised organisation such as ISC2, CompTIA, EC-Council, or SANS Institute is an advantage.
- Technology standard certification such as from Cisco, VMware, Microsoft is an advantage.
- Familiarity with cloud computing environments such as Microsoft Azure
- Familiarity with Security Operations Centers (SOC)
- Experience responding to incidents, developing (and seeing through to completion) remediation plans, creating and formalizing incident response program processes and procedures, and working cross-functionally with teams outside of security to accomplish enterprise security goals.
- Excellent interpersonal and group dynamic skills
- Exceptional stakeholder management skills
- Awareness of the MITRE ATT&CK framework and how it can be used to learn an adversary’s tactics and techniques and focus incident response.
- Experience using Security Information and Event Management (SIEM) and analysing log data sources.
- Knowledge and understanding of information risk concepts and principles, as a means of relating business needs to security controls.
- Knowledge and experience in developing and documenting security processes and plans.
UK Benefits include:
Flexible benefits fund, emergency leave days, adoption leave, 28 days annual leave (plus bank holidays), pension, life cover, private medical insurance, parental leave, education assistance program.
It’s possible we’re hiring for this position in multiple countries, in which case the above benefits apply to the primary location. Specific benefits vary by country, but our packages are similarly comprehensive.
Find out more: aveva.com/en/about/careers/benefits/
Hybrid working
By default, employees are expected to be in their local AVEVA office three days a week, but some positions are fully office-based. Roles supporting particular customers or markets are sometimes remote.
Hiring process
Interested? Great! Get started by submitting your cover letter and CV through our application portal. AVEVA is committed to recruiting and retaining people with disabilities. Please let us know in advance if you need reasonable support during your application process.
Find out more: aveva.com/en/about/careers/hiring-process
About AVEVA
AVEVA is a global leader in industrial software with more than 6,500 employees in over 40 countries. Our cutting-edge solutions are used by thousands of enterprises to deliver the essentials of life – such as energy, infrastructure, chemicals, and minerals – safely, efficiently, and more sustainably.
We are committed to embedding sustainability and inclusion into our operations, our culture, and our core business strategy. Learn more about how we are progressing against our ambitious 2030 targets: sustainability-report.aveva.com/
Find out more: aveva.com/en/about/careers/
AVEVA requires all successful applicants to undergo and pass a drug screening and comprehensive background check before they start employment. Background checks will be conducted in accordance with local laws and may, subject to those laws, include proof of educational attainment, employment history verification, proof of work authorization, criminal records, identity verification, credit check. Certain positions dealing with sensitive and/or third-party personal data may involve additional background check criteria.
AVEVA is an Equal Opportunity Employer. We are committed to being an exemplary employer with an inclusive culture, developing a workplace environment where all our employees are treated with dignity and respect. We value diversity and the expertise that people from different backgrounds bring to our business. AVEVA provides reasonable accommodation to applicants with disabilities where appropriate. If you need reasonable accommodation for any part of the application and hiring process, please notify your recruiter. Determinations on requests for reasonable accommodation will be made on a case-by-case basis.