The Cyber Threat Analyst role is positioned with the M&G Security Operations team that consists of the following functions:
* Security Operations Centre (Monitoring)
* Threat Intelligence and Vulnerability Management
* Security Operations Engineering (Tooling Support)
* Cyber Response (Security Incident Management and Cyber Resilience)
The role reports directly to the SOC Manager and the successful applicant will work alongside an internal team as well as a Managed Security Service consisting of 24/7 L1 and L2 SOC analysts.
Key Responsibilities:
* Use-case contributions and review – helping to ensure the analytical rules continue to be fit for purpose and reflective of real-world attack scenarios including assisting MSSP in driving team automation.
* Incident Response – Blocking of IOCs, stakeholder alerting, acting as part of a team-coordinated activity.
* Collaboration with internal teams within the Security Operations function and wider M&G to ensure effective service.
* Collaboration with external teams within the Security Operations function (such as the managed service provider) where necessary to investigate cyber security alerts and incidents.
* Act as a business point of escalation for MSSP L1s and L2s where further assistance is required from the 24/7 monitoring team.
* Pro-actively suggesting service improvements with the aim of improving the organisation’s security posture.
* Be able to articulate complex problems, risks, and solutions to key stakeholders internally and externally.
* Adherence to existing processes/procedures and aid in new process development where a new business requirement comes into existence.
* Supporting key regular internal/external audit activities where applicable – typically through tracking of SOC activities, adherence to processes/procedures, and ad-hoc participation in technical sessions to support the SOC Manager where required.
Target Skills, Experience and Technologies:
* Previous experience in a Security Operations environment.
* Exposure to Cyber Incident Response.
* Experience in Endpoint Detection and Response tooling (ideally Defender for Endpoint and/or Palo Alto Cortex XDR).
* Experience in Microsoft Sentinel (querying of logs, knowledge of analytical rules).
* Experience with IDPS systems (NGFW, Firepower/Sourcefire, etc.).
* Experience in other Microsoft Azure environments – including use of Azure Active Directory, Identity Protection, Defender for Cloud, etc.
* Exposure to use-case management (fine-tuning of false positives, etc.).
* Ideally having worked in the financial services sector (or another highly regulated area).
Desirable Certifications:
* Non-vendor specific such as CompTIA Security+, CySa+, ISC2 SSCP, Security Essentials.
* Microsoft specific such as SC200, AZ500.
We have a diverse workforce and an inclusive culture at M&G plc, underpinned by our policies and our employee-led networks who provide networking opportunities, advice, and support for the diverse communities our colleagues represent. Regardless of gender, ethnicity, age, sexual orientation, nationality, or disability we are looking to attract, promote, and retain exceptional people. We also welcome those who take part in military service and those returning from career breaks.
#J-18808-Ljbffr