Skip to main content
Date posted 27/09/2023
View our location Explore this location
Apply now
Work location
Dual Location - Home & Reading Office
Contract type
Shift pattern
Standard Working Week

CERT Consultant

Our people make us who we are. We’re a diverse and inclusive bunch, and it’s important you can feel you belong here. We value everybody for who they are and what they bring to the table, supporting one another as we continue to deliver for our customers.


  • This role is responsible for providing subject matter expertise and guidance to Security professionals and Partners that own the day to day safeguarding of customer information and physical assets of the company
  • Provide oversight and governance of our Security Operations Centre (SOC) to assure operational effectiveness to identify and detect security threats, coordinating an effective rapid response and recovery.
  • Responsible for Vulnerability / Threat Management and Security Critical Incident Response
  • Establish, monitor, evaluate and report in a professional manner; clearly highlighting the current state of Security Operations and any associated risks
  • Responsible for the tactical management of cyber security incidents; the direction of response activities (in accordance with NIST SP800 60 R2); including the supervision of Cyber Security Analysts.
  • Demonstrate effective Partner and internal team collaboration to identify and drive capability maturity levels
  • Responsible for driving the proactive use of security tooling and partner services in protecting customer, business and employee information.
  • Contribute to ensuring Three UK Security Policies, Standards and contractual requirements are delivered
  • Provide support in proactive and effective oversight (and where appropriate challenge) of the technology and security risk management frameworks, methodologies, processes, assurance, remediation and reporting activities across the company.
  • Work with technology, Security and business stakeholders to help identify, define and prioritise pragmatic and efficient remediation activities in relation to risk and control issues identified. Where Residual Risk is above appetite, facilitate the Risk acceptance process.
  • Effective governance of external partners and internal teams to deliver and assure Security Operations services to the business
  • Effective governance of the Vulnerability Management programme
  • Effective governance of Threat Management and Security Incident Response capabilities
  • Lead appropriate and focussed Cyber Threat Intelligence (CTI) services
  • Lead and assure effective intelligence led Threat Hunting capability
  • Lead and assure effective cyber threat detection capability
  • Develop and contribute to documentation required by Security Operations functions and capabilities
  • Support the Security Operation Lead in technical and strategical decision making

Must Have:

  • Must have practical experience of working in a security incident response team and leading the technical response to cyber security incidents and be able to act as the incident manager.
  • Must have experience working with cyber security tools and technologies including endpoint security, email security, network security tools, SIEM and SOAR etc, and be able to optimise such tools.
  • Must have a have experience in Vulnerability / Threat management including threat intelligence and threat hunting.
  • Must have the ability to develop use cases / detections based on frameworks such as MITRE ATT&CK.
  • Understanding of cyber security standards and frameworks (ISO27001, NIST, SANS, OWASP etc).
  • Knowledge of TCP/IP, network protocols, OSI model, routing and switching and packet analysis tools.


  • Security related certifications are desirable, particularly blue team certs such as SANS / GIAC.
  • Scripting knowledge would be an advantage including PowerShell, Python, and Bash etc.
  • Up-to-date knowledge of current exploits, vulnerabilities, threats, and security analysis techniques.
  • An appreciation for digital forensics and maintaining the chain of custody.
  • Experience of conducting deep level investigation and analysis, such as malware reverse engineering, using different toolsets is desirable.
  • Understanding of various operating systems, including Windows and Unix.
  • Knowledge of penetration testing processes and techniques is desirable.
  • Working knowledge of one or more SIEM solutions.
  • Experience of improving the maturity level of security controls in line with industry best practice and standards.
Apply now