This is a high-impact greenfield role ideal for a strategic and hands-on cybersecurity professional. As an individual contributor, you will be responsible for defining and implementing the end-to-end operating model for collaboration between the central Security Operations Centre (SOC) and supporting functions. You will formulate all core processes, define areas of handover with the core SOC, and establish the technology stack and deliverables necessary to enable scalable and effective security operations.
A key early responsibility will be contributing to the selection and onboarding of a new Managed Security Services Provider (MSSP). You will work closely with the chosen vendor to define operational procedures, service delivery models, key performance indicators (KPIs) and service level agreements (SLAs). Building a strong, collaborative relationship with the MSSP will be a critical short-term goal.
In the longer term, this role will take ownership of developing the business case for building and strengthening internal capabilities, laying the foundation for a future in-house team and transitioning key functions where strategically appropriate. You will also be expected to build trusted relationships with external stakeholders across operating companies to ensure SOC services are aligned with business risk and operational priorities.
- Automation of SOC Processes
Design and implement automation solutions to streamline repetitive tasks such as alert triaging, incident response and reporting.
- Tool Integration
Integrate various security tools (SIEM, SOAR, firewalls, etc.) to improve data flow and response coordination.
- Optimization of Workflows
Enhance and optimize SOC workflows for improved efficiency and reduced manual effort.
- Development of Playbooks
Create automated response playbooks for common security incidents, enabling faster and more consistent incident handling.
- Collaboration with Security Teams
Work closely with SOC analysts and engineers to identify areas for automation and provide technical solutions.
- Monitoring and Maintenance
Ensure the continuous operation and performance of automation tools, resolving issues as they arise.
- Continuous Improvement
Regularly review and update automation scripts and processes to adapt to evolving threats and technologies.
- Documentation
Maintain detailed documentation of automation workflows, playbooks and configurations.
Qualifications:
Bachelor's degree in Cybersecurity, Computer Science, Information Technology or related field (or equivalent experience).
Industry certifications such as:
Certified Information Systems Security Professional (CISSP)
Certified Incident Handler (GCIH)
GIAC Security Automation Expert (GCSA)
Splunk Certified Automation Consultant or relevant SOAR certifications.
Experience with automation tools (e.g. SOAR platforms, Ansible, Phantom or similar).
Proficiency in scripting languages (e.g. Python, PowerShell, Bash).
Strong understanding of SOC processes, including incident response and threat detection.
Experience with SIEM platforms (e.g. Splunk).
Knowledge of security frameworks (e.g. NIST, MITRE ATT&CK).
Proficiency in automation tools (e.g. SOAR platforms, Ansible, Phantom).
Expertise in scripting languages (e.g. Python, PowerShell, Bash).
Strong knowledge of SOC processes (incident response, threat detection).
Experience with SIEM platforms (e.g. Splunk).
Ability to integrate and automate security tools.
Strong problem-solving and analytical skills.
Experience in developing automated workflows and playbooks.
Knowledge of security frameworks (e.g. MITRE ATT&CK, NIST).
Strong collaboration and communication skills.
Experience with log management and event correlation automation.
3-5 years of experience in SOC or cybersecurity roles.
Hands-on experience with automation tools (e.g. SOAR, Ansible, Phantom, Demisto).
Experience with scripting languages (e.g. Python, PowerShell, Bash) for automation.
Experience integrating and automating security tools and processes.
Strong background in SOC operations, incident response and threat detection.
Experience with SIEM platforms (e.g. Splunk, QRadar, ArcSight).
Experience developing and managing automated response workflows.
Familiarity with security frameworks like MITRE ATT&CK or NIST.
Experience working with security log management and event correlation tools.
Additional Information:
Benefits
The chance to enjoy a challenging career in an exciting, fast-moving environment in a dynamic industry, working in a multi-cultural environment with great offices in many locations. We aim to provide all our people with a work/life balance as well as the many benefits offered by a global organisation, including health insurance, pension and performance bonuses.
Diversity and Inclusion
IAG Tech is part of the IAG GBS organisation and our people are at the heart of everything we do. We recognise that we can only deliver the required business outcomes if we have a thriving community of technology professionals. Together we strive to become the very best at what we do.
We focus on making Tech a great place to work, with a community that we feel proud to belong to. To help make this a reality, our people strategy focuses on six key domains: Engagement, Talent Management, Reward and Recognition, Performance Management, Learning and Development, and Culture.
We understand the importance of Diversity and Inclusion in the workplace; to deliver this strategy, everyone should feel part of our team. We want to foster an inclusive workplace, celebrate individuality and embrace differences so that everyone in IAG Tech can achieve their goals and ambitions, regardless of their personal circumstances or background.
As a Group, IAG has an ambition that 40% of senior management roles are held by women by 2025. IAG Tech fully supports that ambition and we are working to help make it a reality. With this in mind, we have set ourselves the challenging target of recruiting 50% female colleagues by 2030.
Remote Work:
No
Employment Type:
Full-time