About the Opportunity Job Type: Permanent Application Deadline: 30 November 2024 Title Detection, Engineering and Automation Manager, CDO Department FIL – Cyber Defence Operations Location Kingswood, Surrey Reports To Senior Technical Consultant - CDO Level 5 We share a commitment to making things better for clients and each other. We continually explore new technology and different ways of working to put our clients first. So bring your boldest ideas to our Cyber Defense Operations team and feel like you’re making progress. About your team Technology function across FIL is responsible for all global aspects of Technology, Digital, Cybersecurity, and Innovation. Fidelity is a value-driven, customer-obsessed organization and in Technology we are fortunate to play a direct role in helping our clients with one of the most important aspects of their lives – their financial well-being. Within the Technology function is our Global Cyber & Information Security (GCIS) that operates enterprise security services and controls. These are designed to mitigate Cyber and Information Security risks ensuring that Fidelity's business operates securely. The Technical Cybersecurity teams monitor both the internal and external threat environment, responding to security alerts and events in close to real time, as well as providing security assurance and access management services across the enterprise technology and business environment. Our global innovative Cyber Defence Operations team sits within GCIS and provides proactive, cutting-edge solutions to protect clients’ digital assets and infrastructure against evolving cyber threats. The Detection Engineering & Automation team within our Cyber Defence Operations focuses on the development of automated detection capabilities to reduce manual effort of the Cyber Defence Operations team freeing up time to focus on real cyber threats. They ensure that security controls are performing effectively and efficiently and that they are feeding into automation technologies allowing the organisation to make intelligent correlated decisions. About your role The Detection, Automation and Engineering Manager plays a pivotal role in supporting the Cyber Defense Operations team by ensuring security tooling implemented in the organisation are working as intended. The ideal candidate will be responsible for driving excellence and innovation across the team and have extensive knowledge and experience in technologies including, but are not limited to, SIEM Administration (logging, use-case development, resource utilisation and optimisation), SOAR, DDoS, IPS, Email security (anti-spam, DLP), Vulnerability Management, and Threat intelligence. The ideal candidate has experience of not only using a wide range of technologies to respond to security events, but also supporting ongoing maintenance of the tools. About you Key Responsibilities The Detection, Automation and Engineering Manager will be responsible to: Lead and manage a global high performing Detection, Automation and Engineering service. Lead and oversee the development of new security detection use-cases and associated workflows within automation to address emerging threats and vulnerabilities; ensuring robust QA, QC and Change Management is followed and maintained. Develop comprehensive security reports, detailing key metrics, incidents, and trends for stakeholders, enabling informed decision-making following set formats. Streamline existing security processes by optimizing and enhancing automation workflows for efficiency and effectiveness. Lead and oversee the maintenance and management of security solutions / services like Sentinel, Defender, ServiceNow, Proofpoint, etc. Regularly assess the effectiveness of security tools through metrics and key performance indicators, driving continuous improvement initiatives within the team. Identify and implement enhancement opportunities with existing tooling to capitalise investments and returns. Guide, upskill and mentor a high performing team, fostering a collaborative and innovative environment to maximize productivity and skill development. Collaborate with cross-functional teams and Security Architects to ensure alignment of security tooling initiatives with broader organizational goals and compliance requirements. Lead the implementation of robust security tooling solutions, ensuring seamless integration with existing systems and infrastructure. Establish and maintain proactive monitoring mechanisms to promptly detect and respond to incidents, utilizing the latest tooling capabilities. Provide expert support to security operations teams by troubleshooting tooling issues, conducting root cause analyses, and implementing corrective measures. Execute and oversee security tooling projects, including resource management, timelines, and deliverables, demonstrating adept project management skills. Experience and Skills Required At least 2 years of experience working in a Security Operations setup, preferably in Financial Services, focusing on Automation and Security Engineering maturity, with experience of managing and maintaining security tools within a global environment. Programming experience (PowerShell, Bash, Python, JavaScript) to automate tasks using scripting on both Windows and Linux systems. Hands-on experience with APIs, demonstrating the ability to integrate security tools seamlessly, automate workflows, and enhance overall security posture through effective API utilization. Experience developing and fine-tuning Detection use-cases using advanced KQL and possess Innovative Mindset to challenge current processes. Experience developing and utilising automation to enhance responses to security alerts. Experience integrating and maintaining a SIEM solution and associated log stream integrations. Experience with Cloud environments and infrastructure integration with a SIEM solution. Demonstrable proficiency utilising built in security functions within Azure and AWS. Apply leadership and management skills in guiding and mentoring a security automation and engineering team to achieve collective success. Proven experience of being organised and methodical manner applying critical thinking to tasks and problems. Employ excellent communication skills, both written and verbal, to articulate security concepts, present findings, and engage with diverse stakeholders, including technical and non-technical audiences. Demonstrate adaptability to evolving security landscapes, staying updated on industry trends, and proactively integrating new technologies and methodologies into security tooling strategies. Feel rewarded For starters, we’ll offer you a comprehensive benefits package. We’ll value your wellbeing and support your development. And we’ll be as flexible as we can about where and when you work – finding a balance that works for all of us. It’s all part of our commitment to making you feel motivated by the work you do and happy to be part of our team. For more about our work, our approach to dynamic working and how you could build your future here, visit careers.fidelityinternational.com. For more about our work, our approach to dynamic working and how you could build your future here, visit careers.fidelityinternational.com. As an international financial services organisation, we are in-scope of international regulations in the way that we carry out our work. This position is involved in work that is regulated by the FCA and/or the PRA and their Individual Conduct Rules (COCON) apply to it, along with any other regulation. We provide training on COCON and how it affects our employees. More information about COCON can be found in the Employment Handbook.