About The Role
The Cyber Threat Investigation Programme Manager is responsible for designing, implementing and operating a cyber threat investigation programme that proactively identifies early signs of potential cyber intrusion and, where such signs are found, rigorously investigates potential security breaches.
This role will report to the Team Lead of the Cyber Intelligence and Resilience (CIR) team under the Cybersecurity & Digital Governance (CDG) division.
What does work in this role look like?
Programme Development and Management
- Formulate and propose plans that align with the CIR team’s strategic goals and synergise with the overarching operational capabilities of the cybersecurity team.
- Effectively manage resources and risks to ensure consistent operational excellence.
Procurement Management
- Conduct thorough market research to identify cost-effective and high-quality products and/or services that fulfil CAG’s cybersecurity strategic and operational requirements.
- Oversee and take ownership of the procurement lifecycle for various projects within the programme, ensuring meticulous management and accountability.
Digital Forensics and Incident Response
During “War Time”:
- Lead digital forensics investigation(s) as required and collaborate with various stakeholders to ensure expedited resolution of security incidents, including conducting root cause analysis and assisting in the after-action review.
- Collaborate with our Cyber Threat Intelligence (CTI) analyst during an investigation to deliver reports in multiple formats, ranging from routine update emails to comprehensive technical investigation reports, as per stakeholder requests.
During “Peace Time”:
- Develop and maintain incident response plans and playbooks.
- Facilitate cyber exercises and tabletop simulations to refine procedures and sustain operational alertness.
- Contribute to the creation of cyber exercises and tabletop simulations to replicate realistic threat scenarios.
Threat Hunting
- Develop and maintain CAG’s threat hunting programme.
- Formulate and document threat hunting hypotheses.
- Present threat hunting reports to stakeholders.
- Contribute to the development of security controls detection rules to enhance threat detection and monitoring capabilities.
Other General Duties
- Offer expert advice on investigations and threat assessment as needed.
- Collaborate with our CTI analyst to conduct research on new and different Tactics, Techniques and Procedures (TTP) for different threat groups.
- Stay up to date with the latest cybersecurity threats and industry best practices.
Who will make a good fit for this role?
Someone with:
- Bachelor's Degree in Cybersecurity or equivalent, preferably specialising in digital forensics, or at least two years of work experience in the field of digital forensics. Experience in dealing with digital intrusions will be advantageous.
- Ability to communicate technical events and analysis to non-technical audiences.
- Able to independently handle procurement and manage projects.
- Ability to work independently under pressure and remain calm while conducting investigations during incidents.
- Good communication, teamwork and interpersonal skills.
- Strong problem solving, analytical, and technical skills.
- Excellent documentation skills.
Good to have:
- Has achieved, or is in the process of working towards, digital forensics, threat hunting and/or incident response related certifications such as EnCE, Security Blue Team Level 1, CHFI or related certifications.
If this sounds like you, here is an opportunity to join our Cybersecurity family that is a trusted partner of our business and operations teams, and our senior management.