CSIRT Lead Analyst

Job Description: CSIRT Lead Analyst (cyber security incident response team Lead Analyst) Primary location: Staines (TW18 3DZ), Salford (M50 3SP) or London (EC2R 7HJ) Flexible / Hybrid working options. Permanent up to £85,700 Neg (depending on exp. & location). 10% Bonus+ fantastic benefits Full time 37.5 hours We consider all types of flexibility, including locations, hours and working patterns. We make health happen At Bupa, we’re passionate about technology. With colleagues, customers, patients and residents in mind you’ll have the opportunity to work on innovative projects and make a real impact on their lives. Right from the start you’ll become part of our digital & data strategy, joining us on our journey and developing yourself along the way. This is an exciting opportunity to join Bupa undergoing significant transformation. As a Technical Lead, you will be instrumental in driving a large-scale security transformation program. Your hands-on expertise will be crucial in developing and embedding a high-performing security incident management and response function within Bupa. How you’ll help us make health happen: Provide technical expertise on security incidents and lead technical investigations. Act as the senior technical representative for the CSIRT team, managing high-priority incidents. Oversee a 24x7 incident management and response service to ensure IT security and integrity. Develop and implement security strategies to protect sensitive data and systems. Lead and support security analysts, coordinating with other departments for a unified approach. Monitor, evaluate, and report on metrics and KPIs to assess the effectiveness of security services. Represent the security incident management function at governance committees. Ensure policies and procedures align with Bupa's enterprise security standards. Liaise with strategic third-party security suppliers and partners. Foster a high-performing incident management function to detect and respond to cyber security events. Educate the team and wider CISO function on security best practices. Collaborate with internal teams and outsourced suppliers for continuous improvement. Ensure the SOC has visibility and technology to detect cyber security incidents. Manage cyber security incidents promptly to minimize business impact. Build strong relationships within the cyber security team and the wider business. Understand security risks and threats to inform incident management processes. Work with the CISO team to develop tools and processes for effective SOC incident management. Provide cyber security consultancy and guidance to ensure compliance with regulations and standards. Liaise with external consultants and clients on incident management activities. Key Skills / Qualifications needed for this role: Experienced Technical lead / SME for CSIRT team Hold relevant professional qualifications in Cyber and Information Security (e.g., OCSP, CISM, CISSP, CEH). Understanding of network protocols, firewalls, VPNs and intrusion detection/prevention systems Experience in languages like Python, PowerShell or Bash for automating tasks and analysing data Ability to gather, analyse, and interpret threat data to anticipate and mitigate potential attacks. Expert in identifying, managing, and mitigating security incidents. Skills in identifying and addressing security vulnerabilities. Experience in cybersecurity, Incident Response and Recovery Management, defensive security practices and threat management. Strong knowledge of common security incidents and attack vectors. Strong situational awareness. Experience of incident response and remediation tools. High-level knowledge of penetration testing tools and techniques, and security testing frameworks (e.g., Nessus, Metasploit, Burp Suite, Nmap and OpenSCAP) in an offensive or defensive role. Experience working with Red Teaming, Purple Teaming and Attack Automation. Familiarity with industry regulations and compliance standards relating to cybersecurity, such as NIST CSF, PCI DSS, DPA 2018, GDPR and ISO 27001. Experience of Incident Response and Recovery Management in cloud environments (such as Azure, GCP and/or AWS) including Network Security, Zero Trust models, Containers, Containerised applications and infrastructure e.g., Kubernetes and Serverless architectures. Excellent analytical and problem-solving skills, with the ability to analyse complex technical issues and recommend effective solutions. Strong communication skills, with the ability to convey technical concepts and findings to non-technical stakeholders and senior management. Influencing and facilitating people within Bupa and associated market units, business teams globally and external parties (for example Bupa customers, Regulators, Third Party Suppliers, Offshore Partners and other business relationships). Ability to take decisive action where time is a critical factor and maintain a high degree of confidentiality, even under pressure. Self-motivated, capable of operating under pressure and at pace, ability to manage and prioritise own time effectively and take decisions proactively. Continuously raise the performance bar with a thirst for learning from knowledge-sharing, training, and expert resources. A logical approach to conceptual thinking and the ability to solve problems to the highest quality in different scenarios. Benefits Our benefits are designed to make health happen for our people. Viva is our global wellbeing programme and includes all aspects of our health – from mental and physical, to financial, social and environmental wellbeing. We support flexible working and have a range of family friendly benefits. Joining Bupa in this role you will receive the following benefits and more: • 25 days holiday, increasing through length of service, with option to buy or sell • Bupa health insurance as a benefit in kind • An enhanced pension plan and life insurance • Annual performance-based bonus • Onsite gyms or local discounts where no onsite gym available • Various other benefits and online discounts Why Bupa? We’re a health insurer and provider. With no shareholders, our customers are our focus. Our people are all driven by the same purpose – helping people live longer, healthier, happier lives and making a better world. We make health happen by being brave, caring and responsible in everything we do. We encourage all of our people to “Be you at Bupa”, we champion diversity, and we understand the importance of our people representing the communities and customers we serve. That why we especially encourage applications from people with diverse backgrounds and experiences. Bupa is a Level 2 Disability Confident Employer. This means we aim to offer an interview/assessment to every disabled applicant who meets the minimum criteria for the role. We’ll make sure you are treated fairly and offer reasonable adjustments as part of our recruitment process to anyone that needs them. Time Type: Full time Job Area: IT Locations: Angel Court, London, Bupa Place, Staines - Willow House Be at the heart of helping people live longer healthier, happier lives and making a better world. We employ more than 80,000 people globally who are making this a reality. If you've got the belief, the drive and the talent to help us in our ambition then we’d like to hear from you. Wherever you work, one thing stands out about Bupa people. Our customers are our passion – they’re at the heart of our positively different culture of care. At Bupa you’ll be challenged, you’ll be encouraged to innovate, and collaborate with colleagues who are committed to delivering exceptional experiences. We trust, respect and consider everyone, knowing your difference will make the difference. Please introduce yourself to our recruiters and we'll get in touch if there's a role that sounds like a good match.