Defensive Cyber Operations Specialist
Hybrid – 2-3 days per week onsite in Portsmouth
6-month outside IR35 contract
Active DV (this is mandatory)

Working with a cybersecurity consultancy, we’re looking for a highly skilled and experienced Defensive Cyber Operations Specialist to join the cyber as a service delivery team. The ideal candidate will have in-depth experience in defining, developing, and implementing effective Cyber Security Operations Centres (CSOCs). The role involves leading defensive measures to protect organisational infrastructure from cyber threats, as well as working closely with cross-functional teams to ensure a robust cyber security posture.

Experience:

• Minimum of 5 years of hands-on experience in defensive cyber operations, ideally within defense sector.
  
  
• Proven track record in defining, developing, and managing Cyber Security Operation Centres.
  
  
• Strong background in security incident detection and response, with experience using SIEM, IDS/IPS, and endpoint detection and response (EDR) solutions.
  
  Desired Skills:
  
  
• In-depth knowledge of cybersecurity operations frameworks (NIST, MITRE ATT&CK, etc.)
  
  
• Hands-on experience with threat detection and response tools (SIEM, IDS/IPS, firewalls, etc.)
  
  
• Familiarity with scripting languages (Python, PowerShell, etc.) to automate defensive tasks.
  
  
• Strong understanding of malware analysis, digital forensics, and threat intelligence.
  
  
• Ability to work under pressure and handle complex incidents in real-time.
  
  
• Excellent problem-solving, communication, and organisational skills.
  
  Certifications (Preferred):
  
  
• Certified Information Systems Security Professional (CISSP)
  
  
• Certified Ethical Hacker (CEH)
  
  
• GIAC Certified Incident Handler (GCIH)
  
  
• GIAC Security Operations Certified (GSOC)
  
  Responsibilities
  Cyber Security Operations Centre (CSOC) Development:
  
  
• Lead the design, implementation, and optimisation of CSOC infrastructure and processes.
  
  
• Develop strategies and workflows to ensure effective detection, analysis, and response to cyber threats.
  
  
• Establish key performance indicators (KPIs) and metrics to measure and improve the effectiveness of cyber security operations.
  
  Threat Monitoring & Incident Response:
  
  
• Conduct continuous monitoring and analysis of security events using SIEM, IDS/IPS, and other security tools.
  
  
• Develop, document, and maintain standard operating procedures for incident detection and response.
  
  
• Lead investigations into potential security incidents, ensuring timely and effective resolution.
  
  Defensive Cyber Operations Strategy:
  
  
• Create and implement strategies to mitigate risks from emerging and existing cyber threats.
  
  
• Provide technical leadership on defensive cyber operations, including vulnerability management and threat intelligence integration.
  
  
• Work closely with other cybersecurity teams to establish a layered defense approach.
  
  
• Run TTXs with the aim to enhance preparedness and response capabilities by simulating scenarios like phishing attacks, data breaches, ransomware infections, or network intrusions.
  
  Collaboration & Advisory:
  
  
• Serve as a subject matter expert (SME) for defensive cyber operations across the organisation.
  
  
• Collaborate with network, infrastructure, and application teams to ensure security is embedded across all systems and services.
  
  
• Provide advice and mentorship to junior staff and foster a culture of proactive cyber security awareness.
  
  Documentation & Compliance:
  
  
• Maintain detailed documentation of the CSOC’s processes, incidents, and activities.
  
  
• Ensure that cyber security operations comply with relevant laws, regulations, and industry standards