Digital Forensic and Incident Response Team Lead (Cyber Security)

Aveva Group

  • Full Time

AVEVA is a global leader in industrial software. Our cutting-edge solutions are used by thousands of enterprises to deliver the essentials of life – such as energy, infrastructure, chemicals and minerals – safely, efficiently and more sustainably.

We’re the first software business in the world to have our sustainability targets validated by the SBTi, and we’ve been recognized for the transparency and ambition of our commitment to diversity, equity, and inclusion. We’ve also recently been named as one of the world’s most innovative companies.

If you’re a curious and collaborative person who wants to make a big impact through technology, then we want to hear from you! Find out more at

Forensic & Incident Response (DFIR) Team Lead, UK

About AVEVA

AVEVA is a global leader in industrial software, sparking ingenuity to drive responsible use of the world’s resources. The company’s secure industrial cloud platform and applications enable businesses to harness the power of their information and improve collaboration with customers, suppliers and partners. Over 20,000 enterprises in over 100 countries rely on AVEVA to help them deliver life’s essentials: safe and reliable energy, food, medicines, infrastructure and more. By connecting people with trusted information and AI-enriched insights, AVEVA enables teams to engineer efficiently and optimize operations, driving growth and sustainability. Named as one of the world’s most innovative companies, AVEVA supports customers with open solutions and the expertise of more than 6,400 employees, 5,000 partners and 5,700 certified developers. With operations around the globe, we are headquartered in Cambridge, UK and listed on the London Stock Exchange’s FTSE 100.
Learn more at

As the team lead of the Digital Forensic & Incident Response (DFIR) team for AVEVA Information Security, the DFIR Team Lead will provide leadership and mentorship to Digital Forensic Responders and Incident Response analysts as needed to develop a world-class response capability across the enterprise. He/she will be responsible for coordinating response activities across Cyber Security Response teams and with key stakeholders to identify and remediate potential threats, while overseeing response and Cyber Security Response Analyst activity during cyber security incident response. The DFIR Team Lead will aid in honing team tradecraft to ensure AVEVA can remediate immediate threats in a timely (and continually evolving) manner. This includes analysis of security events and performing incident response from identify, protect and detect through containment to recovery.

The DFIR Team Lead is also responsible for leading forensic analysis and evidence collection, ensuring that all safety and privacy procedures are followed when handling sensitive and confidential information such as documents, videos, or pictures. Additionally, he/she will handle and receive evidence carefully and keep accurate records of duties performed. The DFIR Team Lead also needs to provide input into the definition of security policies, processes, awareness and compliance. He/she will work with the Cyber Security Response Manager and the wider Information Security team and communicate with AVEVA staff to reinforce security awareness and compliance.

Responsibilities

Primary Duties

  • Lead Cyber Security Response Analyst team on proactively identifying, investigating, and hunting potential attacks and security risks on AVEVA networks and systems using various platform dashboards and threat feeds.
  • Lead Cyber Security Response Analyst team on analysis of security events as detected by various security controls, monitoring, and recording security events in daily, weekly, monthly, and quarterly reports.
  • Lead Cyber Security Response Analyst team on analysis of escalated security events, notifications, and alerts from managed Security Operation Centre (SOC).
  • Lead Digital Forensic Responder on incident triage process through the examination and analysis of digital evidence and artifacts.
  • Lead Digital Forensic Responder on e-discovery and forensic processes to include identification, collection, preservation, and processing of relevant incident data.
  • Lead Digital Forensic Responder on immediate host-based and network-based forensic examinations and malware reverse engineering on security incidents to determine the root cause and to reconstruct a timeline of events to facilitate incident response and recovery.
  • Lead Digital Forensic Responder on performing malware analysis and reverse engineering as directed in a safe and secure environment.
  • Lead Digital Forensic Responder to conduct forensic collection and analysis of all supported devices, including but not limited to Linux, Windows, and Apple workstations, servers, as well as iOS and Android mobile devices, both online and offline, in support of the AVEVA Incident Response process.
  • Lead Cyber Security DFIR team on creating and maintaining information security operations process, procedure, and checklist documentation, such as incident response plan and playbook.
  • Lead Cyber Security DFIR team on incident response using the AVEVA-defined Security Incident Response framework, such as NIST.
  • Reports to Cyber Security Response Manager on concerning security events, incident trends, residual risk, vulnerabilities, and other security exposures, including misuse of information assets and noncompliance.
  • Works with the AVEVA Infrastructure Operations team and any required partners/business functions such as R&D to resolve security events, incidents, and service requests.
  • Ensures the Cyber Security DFIR team complies with security processes and procedures and supports service-level agreements (SLAs) to ensure that security controls are managed and maintained.
  • Contributes through security advisories, blogs, and other communication channels on current and emerging security threats to AVEVA assets and people via the security awareness programme.
  • Be available to provide reactive support to critical security incidents outside standard business hours as part of a rota.

Additional Duties

Under the guidance of the Cyber Security Response Manager:

  • Assists with control improvements to identify control weaknesses and contributes to vulnerability advisories.
  • Participates in security investigations and compliance reviews, as requested by internal or external auditors.
  • Assists with audit finding remediation and action plans, tracks progress and provides status updates to the enterprise compliance team for reporting purposes.
  • Maintains awareness of applicable regulatory standards, upstream risks, and industry-leading security practices.
  • Provides feedback and recommendations on existing and new security tools and techniques for the improvement of analysis, incident investigation and security controls.

Skills & Qualifications

Educational Qualifications

  • Minimum two (2) years of experience leading or managing technical teams.
  • Minimum of five years of information and cyber security experience in a Security Analyst and Incident Response, Security Threat Hunting, or Security Operations Centre analyst role.
  • Bachelor’s degree in information systems or equivalent work experience in a relevant information and cyber security domain.
  • Security certification from a recognised organisation such as ISC2, CompTIA, EC-Council or SANS Institute is an advantage.
  • Technology standard certification such as from Cisco, VMware or Microsoft is an advantage.

Technical Competency and Experience

  • Experience as a team leader, assisting in managing security analysts in a cyber security incident response team, including but not limited to the following subject areas: vulnerabilities, exploitation, and remediation, network traffic and node analysis, insider threat, ransomware, supply-chain attacks, data exfiltration, web-focused security topics, Advanced Persistent Threat (APT), spear phishing, and credential compromise techniques.
  • Familiarity with cloud computing environments such as Microsoft Azure.
  • Familiarity with Security Operations Centers (SOC).
  • Experience responding to incidents, developing (and seeing through to completion) remediation plans, creating and formalizing incident response program processes and procedures, and working cross-functionally with teams outside of security to accomplish enterprise security goals.
  • Excellent interpersonal and group dynamic skills.
  • Excellent technical knowledge of Microsoft Operating Systems. Knowledge and experience of Linux and Macintosh.
  • Technical knowledge of:
      o Network traffic and protocol analysis of security events from network devices, firewalls, intrusion detection and prevention systems
      o Endpoint Detection and Response solutions
      o Endpoint protection and anti-malware solutions
      o Identity and access management (IAM) systems
      o User access control monitoring systems
      o Email and phishing protection
      o Security Threat Hunting
      o Forensic evidence handling
      o Cloud security, such as Azure or AWS
  • Awareness of the MITRE ATT&CK framework and how it can be used to learn an adversary’s tactics and techniques and focus incident response.
  • Experience using scripting, automation, and APIs with languages such as PowerShell and Python is an advantage.
  • Experience using Security Information and Event Management (SIEM) and analysing log data sources.
  • Knowledge and understanding of information risk concepts and principles, as a means of relating business needs to security controls.
  • Knowledge and experience in developing and documenting security processes and plans.
  • Experience with common information security management frameworks, such as International Organization for Standardization (ISO) 2700x and the ITIL, COBIT and National Institute of Standards and Technology (NIST) or Center for Internet Security (CIS) frameworks.

Occupational Personality

  • Strong analytical thinking skills with strong written and verbal communication and a good attention to detail.
  • Ability to work both independently and collaboratively as a team leader, be curious and to ask questions.
  • Ability to interact with AVEVA’s personnel at all levels and across all business units and organizations, and to understand business objectives and values.
  • A strong internal client focus, with the ability to manage expectations appropriately, to provide a superior internal client experience and build long-term relationships.
  • Passionate about security, with a keenness to develop own skills and knowledge outside of working environment.
  • Confident in recording and presenting key findings and conclusions to different levels of the business.

AVEVA is an Equal Opportunity Employer. We are committed to being an exemplary employer with an inclusive culture, developing a workplace environment where all our employees are treated with dignity and respect. We value diversity and the expertise that people from different backgrounds bring to our business.

Come and join AVEVA to create the transformative technology that enables our customers to engineer a better world.

Concerning agencies: AVEVA does not accept unsolicited resumes and will not be responsible for fees related to such.

AVEVA requires all successful applicants to undergo and pass a comprehensive background check before they start employment.
Background checks will be conducted in accordance with local laws and may, subject to those laws, include proof of educational attainment, employment history verification, proof of work authorization, criminal records, identity verification and credit check. Certain positions dealing with sensitive and/or third party personal data may involve additional background check criteria.

Summary

  • Location: Cambridge, United Kingdom
  • Type: Full time
