Job
Description
Why join us? Key Responsibilities Threat Monitoring & Detection: Continuously monitor security tools and systems (SIEM, EDR, IDS/IPS, etc.) for suspicious activity or anomalies. Analyse and triage security alerts in real-time, assessing their legitimacy and severity. Quickly distinguish false positives from genuine threats and escalate significant incidents for immediate action. Use your expertise to fine-tune alerting rules and reduce noise, ensuring the SOC focuses on meaningful threats. Incident Response & Investigation: Serve as a front-line responder and incident handler for cybersecurity incidents. Follow established incident response procedures to contain threats and minimise damage when an incident is confirmed. Lead the technical investigation of complex incidents, determining the scope, root cause, and attack vector. This includes analysing logs, network traffic, malware, and other evidence to piece together what happened. When needed, perform in-depth digital forensics (e.g. malware analysis or disk/memory forensics) to retrieve artifacts of the attack and understand the full impact. Collaborate with the Incident Manager or SOC Lead on major incidents, taking technical ownership of containment and eradication steps. Ensure rapid recovery and verification that threats have been neutralised before restoring systems. Proactive Threat Hunting & Detection Enhancement: Leverage your experience to go beyond reactive monitoring and proactively hunt for threats that may evade automated security tools. Regularly conduct threat hunting exercises across network and endpoint data to identify stealthy malicious activity or vulnerabilities. Develop and refine new detection rules, alerts, and security controls based on your findings to improve our ability to catch advanced threats. Work closely with security engineering teams to implement these improvements in our SIEM and other monitoring platforms. Stay attuned to the latest attacker tactics and techniques; if credible new threats emerge (e.g. a novel malware or hack tactic), pivot to hunt for any signs of those in our environment. Threat Intelligence & Trend Analysis: Monitor threat intelligence feeds and stay up-to-date on cybersecurity trends, emerging vulnerabilities, and attack campaigns relevant to our industry. Analyse how global threat developments DWF Group - Confidential Data might impact our firm, and share timely alerts or guidance with the team (for example, if a new vulnerability (Zero-Day) is being exploited in the wild, ensure we check our systems and apply patches or mitigations). Use this intel to inform your threat hunting and to adjust our defences pre-emptively. Identify patterns or recurring issues in security events and recommend strategic changes (such as additional security controls or user training) to address the root causes. Documentation & Reporting: Maintain meticulous documentation for all incidents and investigations. For each incident handled, document the details, analysis steps, containment actions, and resolution outcomes in our incident management system. Prepare clear and comprehensive incident reports that can be shared with both technical teams and non-technical stakeholders. These reports should outline what happened, how it was remediated, and recommendations to prevent similar incidents. Contribute to the SOC s knowledge base by recording lessons learned and updating incident response playbooks or runbooks. This ensures the team can handle similar incidents more efficiently in the future and helps fulfil any compliance or audit requirements for incident record-keeping. Mentoring & Knowledge Sharing: Act as a subject matter expert and mentor within the SOC team. Be the fount of knowledge that less-experienced analysts can rely on for guidance. Provide on-the-job training, tips, and best practices to junior SOC analysts during investigations and day-to-day monitoring. Guide and support junior analysts through complex investigations and response efforts, helping them develop their skills in threat analysis and incident handling. Lead by example in documentation, analysis techniques, and adherence to processes. Additionally, you may conduct periodic knowledgesharing sessions or post-incident debriefs to help the entire team learn from notable incidents or new threat tactics. Cross-Functional Coordination: Collaborate with a variety of teams and stakeholders to ensure effective incident resolution and strengthen overall security. Work closely with IT infrastructure and application teams to understand system behaviours and assist in remediation (for instance, coordinating the isolation of affected servers or deployment of critical patches during an incident). Interface with the Legal and Compliance departments when needed, especially if an incident involves sensitive client data or may require legal actions and notifications - understanding that certain incidents in a law firm may invoke client breach reporting or evidentiary preservation needs. Coordinate with the Communications/PR team if a significant breach requires internal or external communications, ensuring consistent and accurate messaging. Your role is to make sure everyone who DWF Group - Confidential Data needs to be involved in an incident is informed and working in sync, thereby facilitating a swift, unified response. Security Awareness & Preventive Measures: Contribute to improving the human element of security in our firm. Take a leading role in organising and executing phishing simulation campaigns and other security awareness exercises for employees. Analyse the results of phishing tests to identify common weaknesses or departments that may need extra training. Work with our security awareness or IT training teams to provide feedback and implement remedial actions that reduce the risk of successful phishing and social engineering attacks in the future. Additionally, provide security guidance to staff when needed - for example, by reviewing suspicious emails reported by users or advising on best practices - thereby injecting your knowledge into the broader organisation beyond the SOC. Process Improvement & Preparedness: Continuously seek opportunities to improve the SOC s processes and tools. After major incidents, lead a thorough post-mortem analysis with the team to discern what went well and what could be improved. Update incident response playbooks and checklists based on lessons learned or changes in the IT environment. Ensure our incident response plans align with industry standards (such as NIST 800-61) and legal industry requirements. Participate in (and sometimes lead) incident response drills and tabletop exercises to test the team s readiness for various scenarios (e.g., a ransomware outbreak or a significant data breach). These simulations help strengthen the team s coordination and build muscle memory for real incidents. Also, collaborate with the SOC Manager/Lead on identifying tool or capability gaps - for instance, if you notice that certain types of threats are hard to investigate, you might champion the adoption of a new forensic tool or a SIEM enhancement. Your seasoned perspective is valuable in steering investments in SOC capabilities and ensuring the team stays ahead of adversaries. Responsibilities You should be adept at querying and correlating data to spot threats across complex IT systems. Hands-on experience with digital forensic techniques and tools (for disk imaging, memory analysis, malware analysis, etc.) is expected - you know how to uncover and analyse evidence left by attackers. Familiarity with threat intelligence platforms and feeds, and the ability to integrate threat intel into SOC monitoring, is important. Scripting or basic programming skills (Python, PowerShell, etc.) to automate tasks or parse data are a plus. Overall, you should be comfortable with the technical underpinnings of modern cyber-attacks (network protocols, Windows/*nix internals, cloud security, etc.) and how to detect and stop them. Incident Response Expertise: Demonstrated ability to handle incidents from start to finish. You have a clear understanding of incident response frameworks (e.g. NIST CSIRP, SANS PICERL) and can effectively perform each phase: preparation, identification, containment, eradication, recovery, and lessons learned. Experience conducting root cause analysis and driving remediation efforts is essential. You should be able to coordinate multiple parallel workstreams during an incident (e.g., one focusing on containment, another on analysis, etc.) and ensure nothing is overlooked. Experience with threat hunting and identifying incidents proactively is highly valued, as it shows you can go on the offensive against threats, not just react. Leadership & Communication: Excellent communication and teamwork abilities. In this senior role, you must communicate clearly with different audiences - from technical peers to lawyers and executives. Ability to translate DWF Group - Confidential Data complex technical findings into clear, concise explanations is key, especially when briefing non-technical stakeholders after an incident. Strong written communication is important for reports and documentation. You should be comfortable providing guidance and constructive feedback to junior team members. Prior experience mentoring or training others (formally or informally) will serve you well, as a portion of this role is to uplift the skills of the team. We are looking for someone who can take initiative, remain calm under pressure, and lead by example during crisis situations. A collaborative mindset is crucial - you will work with a variety of teams, so being able to build positive working relationships and influence others to act on security recommendations is part of the job. Knowledge of Regulations & Best Practices: Good understanding of relevant security standards and regulations. Familiarity with data protection laws (such as GDPR in Europe) and breach notification requirements will help ensure our incident handling remains compliant. Awareness of legal-industry specific concerns like protecting attorney-client privilege during breach investigations is a plus. Knowledge of frameworks like MITRE ATT&CK for threat analysis, and ISO 27001 or SOC 2 for security controls, can provide helpful context in this role. You should also exhibit a strong ethical compass and respect for confidentiality, given the legal sensitivities of the data we handle. What will help you succeed in this role? Qualifications and Experience Education: Bachelor s degree in Cybersecurity, Information Security, Computer Science, or a related field is preferred. Equivalent practical experience is fully recognised. Relevant certifications that demonstrate your expertise in incident response or security operations are a plus (e.g., GCIH, CISSP, CISM, GCFA, CEH). While not strictly required, such certifications indicate a solid knowledge base and commitment to the field. More importantly, we value a proven track record and hands-on skills in security operations over formal credentials alone. DWF Group - Confidential Data Experience: Extensive experience in security operations and incident response. We expect on the order of 4-6+ years of dedicated cybersecurity experience, with significant time spent in a SOC or Incident Response role. This should include handling a wide variety of security incidents from detection through resolution. You should have seen everything from minor malware infections to major security breaches and be comfortable acting as the escalation point for complex cases. Experience specific to legal or other highly regulated industries is beneficial (due to understanding of data sensitivity and compliance needs), as is experience dealing with cross-border security challenges. Any experience in supporting cybersecurity during mergers & acquisitions (integrating acquired company s networks, data protection during transitions) would be an asset, as our firm is growing and occasionally acquires other businesses. Technical Skills: Deep knowledge of security technologies and incident response practices. Strong proficiency with SIEM platforms, intrusion detection/prevention systems, EDR tools, and log management is required, as these are the primary tools for monitoring and investigating incidents. You should be adept at querying and correlating data to spot threats across complex IT systems. Hands-on experience with digital forensic techniques and tools (for disk imaging, memory analysis, malware analysis, etc.) is expected - you know how to uncover and analyse evidence left by attackers. Familiarity with threat intelligence platforms and feeds, and the ability to integrate threat intel into SOC monitoring, is important. Scripting or basic programming skills (Python, PowerShell, etc.) to automate tasks or parse data are a plus. Overall, you should be comfortable with the technical underpinnings of modern cyber-attacks (network protocols, Windows/*nix internals, cloud security, etc.) and how to detect and stop them. Incident Response Expertise: Demonstrated ability to handle incidents from start to finish. You have a clear understanding of incident response frameworks (e.g. NIST CSIRP, SANS PICERL) and can effectively perform each phase: preparation, identification, containment, eradication, recovery, and lessons learned. Experience conducting root cause analysis and driving remediation efforts is essential. You should be able to coordinate multiple parallel workstreams during an incident (e.g., one focusing on containment, another on analysis, etc.) and ensure nothing is overlooked. Experience with threat hunting and identifying incidents proactively is highly valued, as it shows you can go on the offensive against threats, not just react. Leadership & Communication: Excellent communication and teamwork abilities. In this senior role, you must communicate clearly with different audiences - from technical peers to lawyers and executives. Ability to translate DWF Group - Confidential Data complex technical findings into clear, concise explanations is key, especially when briefing non-technical stakeholders after an incident. Strong written communication is important for reports and documentation. You should be comfortable providing guidance and constructive feedback to junior team members. Prior experience mentoring or training others (formally or informally) will serve you well, as a portion of this role is to uplift the skills of the team. We are looking for someone who can take initiative, remain calm under pressure, and lead by example during crisis situations. A collaborative mindset is crucial - you will work with a variety of teams, so being able to build positive working relationships and influence others to act on security recommendations is part of the job. Knowledge of Regulations & Best Practices: Good understanding of relevant security standards and regulations. Familiarity with data protection laws (such as GDPR in Europe) and breach notification requirements will help ensure our incident handling remains compliant. Awareness of legal-industry specific concerns like protecting attorney-client privilege during breach investigations is a plus. Knowledge of frameworks like MITRE ATT&CK for threat analysis, and ISO 27001 or SOC 2 for security controls, can provide helpful context in this role. You should also exhibit a strong ethical compass and respect for confidentiality, given the legal sensitivities of the data we handle What we offer? At DWF, we deeply appreciate the significance of offering a comprehensive rewards package that extends beyond a basic salary. Our commitment is to ensure that each member of our team not only feels valued but is also duly rewarded throughout their tenure with us. Upon joining our organisation, you will have the opportunity to select from a diverse array of benefits, allowing you to carefully tailor a package that perfectly aligns with your individual needs and those of your family. In addition to our standard benefits, we offer a wide range of flexible benefits and robust well-being programs. Our recruitment process upholds the highest standards of fairness and engagement. It includes comprehensive interviews and, at times, a written assessment, an assessment day, or presentation. We aim to create a positive experience for all candidates and offer any adjustments or additional support. About us DWF is a global legal business providing Complex, Managed and Connected Services. We empower people to be themselves within an inclusive and supportive environment, enabling everyone to achieve their full potential in line with their abilities and career aspirations.
