Job duties:
Analyse and respond to security threats raised by the security event and information management (SIEM) platform, including firewall, intrusion detection system and antivirus events
Dedicated monitoring and triage/analysis of cyber security events
Maintain and enhance the SIEM platform to ensure its availability for monitoring and managing events
Security authorisations and ticketing (via Service Now)
Incident report generation and reporting
Processing incident communications to include initial reporting, follow-ups, requests for information and resolution activity
Manage integration of new devices to event logging solution
Build event logging business system overlay
Monitor SOC Portal for alerts and identify false positives
Enrich the asset model in the event logging service with business criticality, system function, etc.
Investigate security incidents
Liaise with Infrastructure teams to resolve incidents
Track incident statistics and maintain in Service Now
Work with various technical teams to integrate global infrastructure onto the event logging service
General Skills:
Excellent written and oral communication skills, with the ability to speak authoritatively to different audiences
Independent self-starter with a strong understanding of security operations concepts, core computer science fundamentals and incident investigation/management
Background in security investigation, analysis and reporting.
Requires critical thinking and problem-solving skills
Technical Skills:
Experience in technical IT security (essential)
At least 2 years’ experience in a security operations centre or IT operational role
Experience of configuring tools for security operations
Experience of working within large scale complex IT environments in the financial industry
Use and configuration of log management/SIEM solutions
Incident investigation and analysis capabilities
Incident management and coordination experience
Use and configuration of vulnerability management and policy compliance solutions
Ability to identify security processes and integrate with Service management platforms
Vulnerability management and remediation
Requires experience with SIEM technologies, Linux, Windows and Network Operating Systems