Formula One (F1) banner
Formula One (F1) logo
Job listing closed on 31 Jan 2024
13 Oct 2023

Cyber Security Operations Manager

🇬🇧 Biggin Hill, UK
Full Time
5+ years exp.

On the track, Formula 1 is a team sport. And the business behind is the same. We’re looking for a Cyber Security Operations Manager to join our Information Security team!

The Cyber Security Operations Manager will take a lead role in enhancing Formula 1’s detection and response capabilities across a growing and ever-changing business and technology landscape. Alongside security technologies, you’ll have a strong focus on people & processes to play a crucial part in building a leading security operations function.

Reporting into the Head of Information Security, you will:

  • Lead on the development of F1’s detection & response capabilities; utilising various security tools/technologies to drive both technology and process efficiencies.
  • Have a passion for identifying opportunities to introduce automation and orchestration of systems & operational playbooks. Focused on enabling more efficient discovery of security events and response/action.
  • Work closely with internal teams and external security partners to mature the governance and methodology for 24x7x365 incident response.
  • Take a lead role on incident investigation and the development of incident response procedures, providing both technical input and wider stakeholder engagement to ensure plans are defined, tested, and adapted to the growing business needs.
  • Focus on threat and vulnerability intelligence; take a threat-informed approach to security controls to minimise risks across the business. Build out the threat-hunting capability to improve detection of threats across F1’s environment(s).
  • Support the delivery of offensive security and red-teaming assessments, identifying opportunities for improvements to detection & response controls/processes.


  • Degree or equivalent qualification in relevant fields
  • Relevant security certifications – CISSP, CISM, GIAC SOC, etc
  • Strong understanding of defensive security techniques, technologies, and strategy.
  • Strong experience in logging and monitoring technologies (particularly for Cloud-based environments).
  • Theoretical and practical experience of incident response governance (lifecycles, frameworks, incident handling, etc.) in a fast-paced environment.
  • Knowledge of the MITRE ATT&CK Framework or common attack and response methodologies.
  • Experience in developing incident response playbooks/processes and ensuring they’re tested and formalised with different stakeholder audiences.
  • Knowledge of compliance & regulatory frameworks – ISO 27001, PCI DSS, GDPR, etc.
  • Experience with cloud-based environments (AWS, Azure) and their native security products/services, particularly focused around monitoring, detection & response.
  • Log correlation and analysis, including chain of custody and forensics investigations/requirements.
  • A track record of supporting multiple projects simultaneously.
  • Great interpersonal skills with experience in collaborating with colleagues across all seniority levels. The ability to communicate with both technical and non-technical audiences is essential.

Join Team Formula 1, make it happen!