Cyber Security Operations Senior Engineer London, England
Job description
A Highly-Innovative Global Commercial Bank have a newly created position for a Cyber Security Operations Senior Engineer to join their team on a permanent basis. The UK office is in the City of London.
ABOUT THE COMPANY
Their clients are the game changers, leaders and investors who fuel the global innovation economy. They're the businesses behind the next medical breakthroughs. And the visionaries whose new technologies could transform the way people live and work.
They come to the organisation for their expertise, deep network and nearly forty years of experience in the industries they serve, and to partner with diverse teams of passionate, enterprising, dedicated to an inclusive approach to helping them grow and succeed at every stage of their business.
Join them and be part of bringing their clients' world-changing ideas to life. They have the opportunity to grow and collectively make an impact by supporting the innovative clients and communities they serve. They pride themselves in having both a diverse client roster and an equally diverse and inclusive organisation. And they work diligently to encourage all with different ways of thinking, different ways of working, and especially those traditionally underrepresented in technology and financial services, to apply.
ABOUT THE ROLE
The Cyber Security Operations Senior Engineer will protect the bank by providing timely response to cyber security threats, incidents, and requests for investigations using industry leading tools and practices. The engineer will focus on security information and event management (SIEM) and security orchestration, automation and response (SOAR) tools to provide alert content, data enrichment, playbooks, runbooks, and/or process improvements to streamline investigations and provide accurate and consistent documentation and response to security events. The engineer will support Detection and Response analysts in security incident response and will continuously train and develop training material for junior analysts to be apprised of emerging technologies, threats, attacks, and countermeasures.
Monitor, triage, and create logic to identify and respond to cybersecurity events to track in a case management system.
Identify, implement, and track necessary tuning of signatures and alerts
Independently investigate, respond, escalate, and document findings for cybersecurity incidents and support and mentor more junior analysts
Create processes to review and provide quality control validation for cybersecurity cases, incidents, tasks, and countermeasures
Work with various teams and stakeholders to mitigate cybersecurity incidents
Create, update and follow documented processes and runbooks
Work with the Threat Intelligence team to identify areas for targeted threat hunts, create automated responses, and participate in threat hunting exercises.
Create, lead, and participate in department training exercises (table top, blue and purple team, etc.)
Configure and manage cyber security instrumentation, create automated processes, and identify and develop alert logic to monitor and respond to security events.
Knowledge:
Cybersecurity best practices and trends
Cybersecurity Incident Response Lifecycle and methods
MITRE ATT&CK Framework
Cybersecurity risks and controls
Networking and TCP/IP protocol
Windows and Linux operating systems
Cybersecurity architectures and methodologies (Defense in depth, Kill-Chain, NIST, OWASP, etc.)
Amazon Web Services
Indicators of Compromise (IOC) and Tactics Techniques and Procedures (TTP)
Python
Splunk SPL
Skills (i.e. excellent communication, attention to detail) that are required to be successful in this role):
Analyze application, system, and security logs from any log source
Document forensic investigation and research findings
Demonstrate clear written and verbal communication
Work well independently without in-person supervision
Collaborate with team members across separate geographic locations
Work well under pressure of cybersecurity incidents
Build relationships with individuals across the organization
Read and write scripts in python, javascript, splunk spl, regex, powershell, or perl, etc.
Competencies:
Analytical problem solving mindset with an ability to deconstruct complex issues with unbridled curiosity
Team orientation
Strong work ethic
Critical thinking
Initiative for continuous learning
Confidence
Self-starting mindset
Required Education and Experience:
Bachelor's degree in a technical field (cybersecurity, information technology, computer science, computer engineering, etc.) or commensurate experience in a technical job role 3 or more years’ experience working in a cyber security role
Preferred Education and Experience:
List additional education or experiences that are preferred, but not required (i.e. Experience working with C-Level Customers)
Five or more years’ experience working in a cybersecurity or infrastructure role.
Master's degree in a cybersecurity or technical field (cybersecurity, information technology, computer science, computer engineering, physics, etc.)
AWS Certified Solutions Architect or Associate
Experience in the banking or financial industry
Experience managing security orchestration automation and response technologies (SOAR)
Experience managing security information and event management (SIEM)
Certifications:
List any certifications that are required or preferred (i.e. Series 6 – required; Series 7 – preferred)
Certified Information Systems Security Professional (CISSP) or Associate of (ISC)²
Certified Cloud Security Professional (CCSP)
Systems Security Certified Practitioner (SSCP)
GIAC Security Essentials (GSEC)
GIAC Certified Intrusion Analyst (GCIA)
GIAC Certified Incident Handler (GCIH)
GIAC Certified Enterprise Defender (GCED)
GIAC Continuous Monitoring Certification (GMON)
GIAC Certified Forensic Analyst (GCFA)
GIAC Advanced Network Forensics (GNFA)
CompTIA Security+
CompTIA Advanced Security Practitioner+ (CASP+)
Certified Ethical Hacker or Computer Security Incident Handler (CSIH)
EnCase Certified Examiner (EnCE)
Access Data Certified Examiner (ACE)
AWS Cloud Certified Practitioner
AWS Cloud Certified Practitioner
AWS Certified Solutions Architect or Associate
AWS Security Specialty
Palo Alto Networks Certified Detection and Remediation Analyst
Splunk Core Power User
Splunk Enterprise Certified Admin
Travel:
Travel may be occasional as required.
BENEFITS
Private Medical Insurance
Telemedicine
Health Assessments
Dental Insurance
Eye Care
Holidays
Wellness (Employee Assistance Program, Gym Subsidy, and Ride to Work Scheme)
Transportation
Group Personal Pension Scheme
Disability and Life Assurance
Employee Stock Purchase Plan (ESPP)
Travel Insurance (Business Travel Insurance and Personal Travel Insurance)
Employee Referral Program
Family Bonding Time (Enhanced Maternity/Adoption Leave, Paternity Leave, Shared Parental Leave, and Special Parental Leave)
Developing and Giving Back (Learning Opportunities, Employee Recognition, and Matching Gift and Community Involvement Program)
