Posted: 18 hours ago
Work from Office
Full Time
Why join us

Diversity, Equality and Inclusion at DWF

Nurturing talent is very important to us. We are committed to equal opportunities in all areas of work and business. We want people to achieve their best, which will positively impact on our clients and communities in which we live and work. At DWF, we empower people to be themselves within an inclusive and supportive environment, enabling everyone to achieve their full potential in line with their abilities and career aspirations.

Responsibilities

Key Responsibilities

Technical Leadership & Management: Provide strong technical leadership to a team of threat hunters, digital forensics experts, and incident responders. Foster a culture of continuous learning, collaboration, and excellence within the SOC team. Ensure the team is well-trained, motivated, and following best practices for security operations.

Threat Hunting & Intelligence: Oversee the development of proactive threat hunting strategies to identify unknown or evasive threats that may bypass traditional security measures. Gather and analyze threat intelligence from diverse sources to anticipate emerging attacks and hunt for indicators of compromise before they cause harm. Leverage advanced tools and methodologies to continuously search for signs of malicious activity within the network.

Incident Response & Investigation: Lead the end-to-end incident management process - from detection and containment to eradication and recovery. When security incidents occur, coordinate the team's rapid response to minimize impact and restore operations swiftly. Conduct in-depth investigations of incidents to determine the extent of compromise, root causes, and attack vectors. Guide the team in following incident response playbooks and adapt tactics as needed for complex or novel attacks.

Digital Forensics & Evidence Handling: Provide expert direction in digital forensics during incident investigations. Ensure that the team properly collects, preserves, and analyzes electronic evidence from affected systems in accordance with legal and regulatory standards. Utilize forensic tools and techniques to uncover artifacts of malicious activity (e.g., malware traces, log data, compromised accounts) and build a clear timeline of events. Maintain chain-of-custody and documentation of evidence for potential legal proceedings or regulatory inquiries, upholding the integrity of the data collected.

Reporting & Documentation: Prepare comprehensive incident investigation reports detailing the findings, actions taken, and remediation recommendations for each significant incident. Communicate incident status and post-incident analysis to both technical teams and non-technical stakeholders (such as executives or client representatives) in a clear and concise manner. Log all incidents and near-misses in our tracking systems, and use this data to identify trends or recurring issues that can inform improvements in security controls.

Cross-Functional Collaboration: Collaborate closely with other teams - including IT infrastructure, applications, compliance, and the broader risk management group - to proactively mitigate risks and respond to incidents. Provide security expertise and actionable recommendations to these teams (for example, advising on patching critical vulnerabilities or improving access controls) to prevent incidents. Work with the Legal and Compliance departments to ensure that incident response and reporting processes meet all legal, regulatory, and client requirements (e.g., breach notifications, evidence handling standards). Serve as an escalation point and subject matter expert for security issues that involve multiple departments or complex technical challenges.

Continuous Improvement & Strategy: Keep abreast of the latest threat landscape trends, attacker techniques, and vulnerabilities. Continuously update the team's techniques and tools to address new threats. Refine and evolve the SOC's standard operating procedures, playbooks, and response strategies based on lessons learned from incidents and changes in the business. Establish metrics and KPIs (such as incident response times, threat detection rates, etc.) to measure the team's performance and drive improvements. Develop security policies and procedures in line with industry best practices and the firm's needs, and ensure the team and relevant stakeholders are trained on them.

M&A Security Integration: Support the security aspects of mergers and acquisitions activities. When the firm acquires or merges with other organizations, assess the acquired company's security posture and lead efforts to integrate its IT systems and data safely into our environment. Identify any inherited vulnerabilities or threats during the acquisition process and advise on remediation. This may involve conducting cybersecurity due diligence, aligning disparate security tools or protocols, and establishing unified security standards across the merged entities. Ensure that sensitive data is protected throughout the transition and that the combined operations adhere to our security and compliance requirements.

Escalation & Incident Command: Serve as the incident commander during critical security events. Provide clear direction to responders, allocate resources, and make quick decisions to contain threats. Act as the primary point of contact for major incidents, briefing senior management and, when appropriate, coordinating with external parties such as cybersecurity consultants, law enforcement, or regulatory bodies. After resolution, conduct thorough post-incident reviews with the team to identify lessons learned and drive process improvements to prevent similar incidents in the future.

What will help you succeed in this role

Qualifications and Experience

Education & Certifications: Bachelor's degree in Information Security, Computer Science, or a related field (or equivalent experience). While formal education is valued, hands-on experience is paramount. Relevant industry certifications such as GIAC (e.g., GCIH), CISM, or other cybersecurity credentials are highly desirable (nice-to-have) but not mandatory.

Experience: Proven experience in cybersecurity with a focus on threat hunting, digital forensics, and incident response (approximately 3+ years overall is preferred). Within this, at least 2 years in a technical lead or managerial role overseeing security operations or incident response teams. Demonstrated history of handling complex security incidents and driving them to resolution. Experience in the legal industry or other highly regulated environments is a plus, as is experience supporting cybersecurity during mergers and acquisitions (e.g., performing security due diligence or integrating acquired IT environments).

Technical Expertise: Deep knowledge of security operations technologies and practices. This includes hands-on familiarity with SIEM tools, intrusion detection/prevention systems, EDR (Endpoint Detection and Response), and other threat detection platforms. Strong understanding of malware analysis techniques, network security, and incident analysis methodologies. Experience with digital forensic tools (for disk, memory, and network forensics) and analyzing system log data to identify anomalies. Up-to-date with current threat intel feeds, TTPs (tactics, techniques, and procedures) of attackers, and vulnerability assessment practices. Ability to script or use automation for incident response is an advantage.

Technical Leadership & Communication Skills: Outstanding technical leadership abilities with a proven track record of building and guiding high-performing teams. Able to mentor and develop junior analysts, and manage teams across different locations. Excellent communication skills, both written and verbal. Capable of conveying technical findings and security concepts in clear, non-technical language to inform lawyers, executives, or clients as needed. Strong collaboration skills to work with cross-functional teams and influence others to prioritize security. Calm under pressure, with the ability to make sound decisions during high-stress incident scenarios.

Knowledge of Legal/Regulatory Frameworks: Solid understanding of the legal and regulatory requirements surrounding cybersecurity in an international context. Familiarity with data protection laws and breach notification regulations is expected - for example, understanding GDPR obligations for handling EU personal data and reporting breaches. Knowledge of standards and frameworks such as ISO 27001, NIST, or ITIL incident management processes is beneficial. An appreciation for the ethical duty of confidentiality in the legal profession and how it impacts information security (e.g. protecting attorney-client privileged data) is important.

Problem-Solving & Ethics: Strong analytical and problem-solving skills, with a talent for troubleshooting complex security problems and identifying innovative solutions. High degree of professional integrity, ethical conduct, and commitment to maintaining the confidentiality of sensitive information at all times. A proactive mindset with passion for staying ahead of cyber threats and continuously improving security practices.

What we offer

At DWF, we deeply appreciate the significance of offering a comprehensive rewards package that extends beyond a basic salary. Our commitment is to ensure that each member of our team not only feels valued but is also duly rewarded throughout their tenure with us. Upon joining our organisation, you will have the opportunity to select from a diverse array of benefits, allowing you to carefully tailor a package that perfectly aligns with your individual needs and those of your family. In addition to our standard benefits, we offer a wide range of flexible benefits and robust well-being programs.

Our recruitment process upholds the highest standards of fairness and engagement. It includes comprehensive interviews and, at times, a written assessment, an assessment day, or presentation. We aim to create a positive experience for all candidates and offer any adjustments or additional support.

About us

DWF is a global legal business providing Complex, Managed and Connected Services. We empower people to be themselves within an inclusive and supportive environment, enabling everyone to achieve their full potential in line with their abilities and career aspirations.
Salary: Not disclosed