Cyber Security - Technical Specialist
About the Opportunity
Job Type: Permanent
Application Deadline: 30 November 2024
Job Description
Title: Technical Specialist
Department: FIL – Cyber Defence Operations
Location: Kingswood, Surrey
Reports To: Senior Technical Consultant - CDO
Level: 4
The Technical Specialist (L3) within our SOC team focuses on safeguarding and defending FIL from cyber threats using the multitude of tools at your disposal. You will work with a high-performing global team to respond to security events and progress them through internal processes.
About your role
The L3 SOC Analyst will play a pivotal role in supporting the Cyber Defence Operations team by responding promptly to security alerts that need in-depth investigation and by supporting junior analysts with their analysis and escalations. You will also work within our CIRT team to lead and assist with cyber incidents, including when CIRT is engaged by the Major Incidents team.
Key Responsibilities
* Lead and coordinate the investigation and response to escalated alerts and ensure in-depth technical analysis is conducted.
* Monitor security alerts and logs to identify and counteract potential security threats.
* Coordinate and lead high-level security incidents in our CIRT team, ensuring effective communication with all stakeholders.
* Utilize tools such as Microsoft Defender, Azure Sentinel, and ServiceNow to monitor, analyze, and manage security events.
* Develop new detection use-cases to mature our monitoring and detection landscape, and regularly review production use-cases to curb false positive alerting.
* Contribute to developing and maintaining incident response strategies, and update processes and playbooks to align with the evolving cybersecurity landscape.
* Mentor and oversee junior analysts, fostering a culture of continuous learning and professional development.
* Conduct post-incident analysis and present detailed reports to executive management, recommending improvements to security policies and procedures.
* Participate in a rotational on-call rota supporting our 24x7x365 operations.
* Participate in the design and implementation of new security tools and technologies.
* Generate comprehensive reports on incident findings and response actions for senior management.
Experience and Skills Required
* A minimum of 5 years of experience in a SOC environment, preferably in Financial Services, with at least 2 years in an L2/L3 position.
* Proficient in security solutions like SIEM (Sentinel), intrusion detection/prevention systems, EDR/XDR (Defender), SOAR, and ticketing solutions like ServiceNow.
* Proven track record of managing security incidents and working with technical and non-technical stakeholders.
* Experience in network flow and traffic analysis to identify C2 and apply preventative controls.
* Ability to conduct complex investigations using solutions such as sandboxes, CyberChef, etc.
* Relevant professional certifications like SC-200, CEH, SCS-C02, GCIH, GCIA, etc. are beneficial.
* Experience developing and fine-tuning detection use-cases using KQL.
* Excellent communication skills, both written and verbal.
* Demonstrated adaptability to evolving security landscapes.
* Programming experience (PowerShell, Bash, Python, JavaScript) to analyze and investigate potentially malicious scripts.
* Previous experience of Threat Hunting will be beneficial.
* Experience in Cloud environments would be desirable.
* Understanding of modern security attack techniques and how best to detect them.
Feel rewarded
For starters, we’ll offer you a comprehensive benefits package. We’ll value your wellbeing and support your development. It’s all part of our commitment to making you feel motivated by the work you do and happy to be part of our team.
As an international financial services organisation, we are in-scope of international regulations in the way that we carry out our work. This position is involved in work that is regulated by the FCA and/or the PRA and their Individual Conduct Rules (COCON) apply to it.