As part of Cyber Defence - Global Security Operations Centre, you will be delivering security operations services and ongoing improvement to address evolving threats and respond to incidents. You will work within the GSOC team and work with business and IT leaders, clients and partners to build an effective security capability including people, processes and new technologies to protect critical data and technology assets from advanced threats.
With exceptional technical knowledge, calm approach under pressure, and a genuine passion for security, you will also be an exceptional communicator, explaining out cyber defence posture and approach to our stakeholders.The Role
This role is a shift-based role, that requires working as part of a 24/7 365 Security Operations Centre. You will be required to work shifts
Responsible for the provision and oversight of triage and investigation of alerts and incident reported/detected within the SOC
Ensure the team is working within the expectations of KPI’s for the handling of incidents and reporting
Safely acquire and preserve the integrity of cyber security data required for incident analysis to help determine the technical/operational impact, root cause(s), scope and nature of the incident
Detecting emerging threats based upon analysis, data feeds and sources (internal & external intelligence sources)
Engaging with IT functions to ensure resolution actions are completed appropriately and in a timely manner
Analyse and correlate incident data to identify potential root cause and corresponding remediation strategies
Responsible for ensuring the incidents are recorded and reported accurately in line with the Incident response processes and procedures
Conduct Quality Audit of Incidents to ensure compliance to ticket handling standards
Perform coaching and mentoring for Junior Analysts and deliver training as part of team skills uplift program
Manage the shift workload and ensure incidents are triaged and investigated in a timely manner
Act as the primary escalation point for issues arising from incidents
The Requirement
Qualified to degree level (An actual degree preferred but not a prerequisite), preferably in a business, IT or security related subject
Hold and maintain appropriate Information Security professional qualifications, including a minimum of one or more of the following: Security+, CEH, GIAC GCIA/GCIH (or SANS specialist cert such as GREM, GPEN) or either of the Security Analyst Certifications from CompTia / EC-Council (ECSA or CompTia CySA+)
The successful applicant will be able to demonstrate a commitment to personal development in the Cyber Security industry, and a genuine show of interest in Incident Response methodologies including both attack and defence capabilities
Comprehensive understanding of security threats, risks and countermeasures and ability to apply in a practical context at all stages of the kill chain
SIEM investigations
Hands-on operational security experience including use of Excel, SQL, DBMS, and open-source tools, as well as shell scripting and programming languages to validate data sets produced in response to security incidents
In-depth understanding of the Behavioural Analytics, big data baselines and tuning SIEM behaviour data models
Experience with writing SOAR playbooks and SOC automation
Thorough understanding of technical security countermeasures and awareness of external and internal threat landscape
Knowledge of security standards, frameworks, regulation and legislation (Mitre Framework, NIST and regulations such as GDPR)
At least 4-7 years' experience working as part of a mature Cyber Defence Centre / Security Operation Centre function in a large enterprise
Hands on experience with mentoring and coaching Junior Analysts in the fine art of Cyber Analyst skills
Solid understanding of SIEM technologies
Scripting and programming skills with proficiency in one or more of the following; PowerShell, Pearl, Python
A solid understanding of networking technologies, enterprise wide technologies including database, operating system, web application, middleware, etc.
Experience with security assessment tools, including Wireshark, Sysinternal tools.
Proven ability to work in global collaborative group environment
Experience working with a high degree of autonomy, managing own workload and delivering to tight timescales
Strong communication skills, both oral and written
Team player with good interpersonal skills
Organised and methodical
Willing to challenge and desire to learn
Ability to communicate technical concepts to nontechnical disciplines
Excellent analytical problem-solving skills
Commercial awareness
Agile and responsive approach to meeting business, security and technology objectives and delivering continuous improvement.
Understanding of Firewalls, Proxies, WAF and Endpoint security controls is beneficial
Experience in other areas of Cyber Security (Data Loss Protection, Vulnerability Management, Threat Intelligence, Access Management, Consulting) is also beneficial
Equal Opportunity Employer
