A Defender could work in a Global Security Operations team that is responsible for monitoring security and managing security incidents across the globe. The team’s aims are to minimise risk exposure and handle security incidents. A Defender will protect the confidentiality, integrity and availability of all assets and systems through monitoring, analysis and detection activities derived from security log feeds, security systems and reports.
Links with the CyberEPQ Modules
- 3. & 4. Vulnerability Assessment and Pen-Testing
- 5. Information Security Vulnerability Concepts
- 6. Intrusion Detection and Analysis, Incident Investigation and Analysis
- 9. Information Security Identity and Access Management
What does a Defender do?
A Defender operates within a team that takes responsibility for the security monitoring of key technologies whilst helping to provide effective analysis, triage and handling of security information and events. A Defender also assists in updating, developing, implementing and operating requisite processes and procedures, and helps to develop and configure use cases and alerting rules within Security Information and Event Management (SIEM) technologies.
A Defender is usually expected to help develop and present appropriate Key Performance Indicators (KPIs), Key Risk Indicators (KRIs) and other requisite reporting to the Head of Security Operations, whilst assisting in projects and initiatives relevant to the role. Liaising closely with the team, and also with third-party suppliers, to ensure the correct response to and remediation of security information and events could also fall under your remit.
What are companies looking for?
- Good analytical skills and the ability to see the big picture and apply the relevant detail to it. Ability to cut through the noise and provide clear and appropriate recommendations and direction at pace and under stress.
- Demonstrable ability to clearly represent the implications of threats and risks to the business in verbal, written and presentational form, and to make recommendations for action.
- A cool head is required to think clearly under pressure and to make good, timely decisions whilst keeping pace with the emerging picture as it applies to the company’s business risk appetite and context.
- Must have a strong appetite to learn new cyber security knowledge and to upskill existing knowledge.
- Eagerness to learn and a passion for technology and cyber security.
UK Earning Potential
Upwards of £27,000 depending on geography, experience and definition. *
* source: Indeed March 2020