Principal Cyber Security Lead
- Civil Service
- Part Time
- London
- 76,400 - 82,450
Job Description
Job summary
This is a particularly exciting moment to become part of the Competition and Markets Authority (CMA). As the principal body responsible for competition and consumer protection in the United Kingdom, the CMA is charged with ensuring that markets operate efficiently and fairly for consumers. The organisation plays a crucial role in tackling significant challenges currently facing the UK, such as enhancing productivity, driving economic growth, strengthening economic resilience, reducing cost of living pressures, and addressing the influence of major digital corporations. Additionally, the CMA is at the forefront of navigating the unprecedented opportunities and risks presented by emerging technologies, including Artificial Intelligence.
In response to these evolving challenges, the CMA has formed the Executive Directorate for Data, Technology, and Insight (DTI). This directorate brings together expertise and activities across several critical domains of increasing importance. Among these are data science, data engineering, artificial intelligence, behavioural science, technology insight, and digital forensics. The directorate also encompasses the development and management of technology systems, architecture, digital products, and tools, thereby consolidating the CMA's capability to respond effectively to the demands of the digital age.
Job description
The Principal Cyber Security Lead is a vital member of the Cloud and Infrastructure team, dedicated to safeguarding data, systems, and services.
The role centres on becoming the technical cyber security lead within the CMA, taking technical ownership of the entire defensive stack, with the opportunity to remediate, improve, and enhance the CMA's cyber security. By performing these functions, the Principal Cyber Security Lead supports the CMA's ongoing commitment to secure and robust digital operations.
Key responsibilities will include:
- Providing technical expertise and leading on security controls
- Security solution administration and enhancement
- Incident response
- Security Operations Centre (SOC) engagement
- Vulnerability reporting
- Continuous improvement and governance
- Identity and access management
- Compliance and framework alignment
Person specification
It is essential that you can provide evidence and examples for each of the following selection criteria in your application. For tips on how to make the most of your application, please have a look at our guidance document.
Essential:
- Demonstrated experience with Microsoft Sentinel, Microsoft Defender for Endpoint/Cloud SIEM tools, threat intelligence platforms, and vulnerability management. (Lead Criteria)
- Hands-on experience securing Microsoft Azure and Amazon Web Services cloud environments. (Lead Criteria)
- Technical experience working with and securing Microsoft client and server technologies such as Windows 11, Windows Server and SQL Server.
- Knowledge of security operations, digital threat monitoring, and common frameworks for cyber incident response.
- Experience in taking ownership for analysing and interpreting security events/logs and performing digital forensics tasks end-to-end from alert to remediation.
- Strong analytical, communication, and problem-solving skills, including the ability to produce clear technical and non-technical reports.
Desirable:
- Understanding of network protocols, firewalls, intrusion detection/prevention, anti-malware, and incident response methodologies.
- Recognised cyber security certifications (e.g., CompTIA Security+, CEH, GIAC, CISSP).
- Experience with Darktrace.
- Experience with Ubuntu (or Linux).