CSIRT L3 SecOps Lead (M/F) - Porto

Porto Permanent

Updated 19/05/2022

  • Multinational Company
  • New technology hub!

About our client

Our client is the world's leading data, insights and consulting company, working with several different industries.


The Cyber Security Operations (SecOps) team is integral in linking cyber security custom and practice to the global Kantar business: monitoring, detecting and responding to alarms and incidents; identifying, prioritizing and driving remediation for vulnerabilities; and testing responsive protocols. This is integral to ensuring security capabilities can enable value generation, prevent value destruction (aligned to the cyber risk posture), support secure technology transformation, and ensure security is designed for the demands of clients, products and consulting, regions, divisions and employees.

The role will be key to ensuring Incident Response and Forensic processes and capabilities are operated expertly, that SOC maturity plans are mapped, and that security tooling investment is optimised. This is a role that will require high levels of technical expertise, coupled with sound communication and managerial skills. It will enable detect and respond maturity to be elevated and a continuous learning, feedback and improvement model to be applied.

Responsibilities

  • Responsible for all aspects of information security incident response, including actively collaborating and taking ownership to define and build incident response processes when necessary.
  • Responsible for ensuring alarms triaged by the L1 & L2 teams are investigated with rigor and categorized, and that security incident handling processes, along with sound thought leadership, are applied.
  • Responsible for tuning and evolving a range of security tooling as part of ongoing telemetry refinement, recommending where possible how to better optimize it, identifying where situational awareness gaps are, and proposing how to address them.
  • Responsible for managing and reporting incident status and updates using a combination of clear and concise verbal and written inputs.
  • Responsible for performing investigations of security incidents, applying deep domain knowledge across digital forensic artifacts, log data analysis, etc.
  • Researching and developing thought leadership proposals for ways to achieve greater automation for investigation & response capabilities that scale.
  • Responsible for coordinating and driving resolution of a diverse range of incidents as part of an on-call team. Analyze root causes, trends and systematic issues.
  • Responsible for ownership of the Global Incident Response manual and incident playbooks, working with other teams to address gaps or update documentation and processes when testing or post-incident reports identify the need to adjust (continuous improvement).
  • Create and automate threat detection and hunting based on indicators observed during incident response or from threat intelligence.
  • Be able to deputize for the Director of CSIRT & eDiscovery
  • Influence & Communication: Collaborate well with cross-functional partner teams, such as Legal, Privacy, and Engineering for efficient, large-scale response.
  • Responsible for managing third party relationships to support complex forensics and maintenance/ownership of incident response retainers, analysing value and ensuring high quality insights are gained
  • Leading governance forums for third party managed services, ensuring sound value and effective relationships are in place.

Ideal profile

  • A broad understanding of cyber security within a SOC or SecOps cyber function or within a managed security service provider
  • Highly developed specialist knowledge of and ability to investigate, troubleshoot, resolve and prevent the recurrence of incidents that interfere with the normal delivery of IT services.
  • Demonstrable knowledge of domestic and international laws governing information security; ability to interpret and take action on the aspects of information security laws that impact the business.
  • Extensive knowledge of techniques, approaches and processes of digital threats; ability to detect, monitor, analyse and prevent digital threats.
  • In-depth knowledge of technologies, methods and tools of forensics investigations for IT security violations or potential threats; ability to identify, uncover and evaluate violations, warning reports, suspected incidents and insidious events.
  • Expert knowledge of and ability to utilise a variety of specific tools for collecting, analysing, and presenting digital-related evidence.
  • Experience of mentoring and leadership.
  • Excellent written and verbal communication skills.
  • Able to distill volumes of information within highly complex environments - understand context, simplify and prioritize 'signal' over 'noise' - demonstrable experience of driving to impact in this type of dynamic.


  • Demonstrable experience leading cyber security functional teams, applying strategic principles and generating business value from cyber investments.
  • Exceptional experience in a cyber security SOC analyst or Incident Response role.
  • Forensic/eDiscovery experience and in handling sensitive and/or complex technical investigations
  • Supporting references to validate executive level experience within cyber and operational delivery.
  • The ability to demonstrate a growth mindset, servant leadership style supported with strategic thinking and tactical execution.
  • Experience working in high-pace environments and an ability to focus on signal vs. noise
  • Strong verbal and written communication
  • Investment in people within and beyond the 'day job' must be able to be validated. Coaching, mentoring and supporting talent within


  • Great opportunity for career growth
  • Opportunity to work at a multinational that is building its operations in Portugal

Job summary

Information Technology
Technology & Telecoms
Contract type
Consultant name
Fábio Santos
Job reference

At Michael Page, we believe in Diversity and Inclusion. We stand for equal opportunities without discriminating on the basis of gender, race, ideas, religion, sexual orientation or any other aspect that could be considered discriminatory or exclusionary.