Job description
Global SOC Lead
Why Digital & Tech at M&S
We're changing the way we do things, and putting industry leading innovation at the heart of how we operate; we need a stellar engineering team to make it happen. You'll be joining one of the most iconic brands in the UK on its most exciting cycle yet. We're more integrated and product led in our tech teams than ever before: learning, changing, and adapting constantly, with millions of people benefiting from your work every single day.
The Role
The role’s purpose is to support the InfoSec Operations Manager, to both manage and lead the M&S Global Security Operations Centre, and to provide oversight of the M&S staff and Managed Security Service Provider as per the key accountabilities and responsibilities. The role also drives improvements in all products and services provided by the Security Operations Centre, with a primary focus on ‘Detection and Response’ to security events.
What You’ll Do Every Day
- The Information Security Operations Centre team provides a multi located service that covers event management, incident response, investigations and forensics, threat hunting and security monitoring.
- Protect the company and its customers from events that materially impact its Business, Brand and Customer, e.g. catastrophic events, significant financial losses, and highly embarrassing events
- Operationalise effective Information Security Operation Centre Services and controls to protect core business processes and customer data (i.e. Identify, Detect, Protect, Respond and Recovery controls)
- Identify and respond to threats: Incorporating industry intelligence to enable proactive threat detection, containment, and response
- Work with the SOC Leads and Service Delivery Managers to deliver activities within the continuous programme of Information Security Operations Centre improvement relating to Information Security monitoring and incident response for application, infrastructure, and all critical services
- Manage and maintain Information Security tooling owned and operated by the Security Operations Centre
- Manage Cloud Information Security specific subscriptions
- Chair daily operations Stand-Up calls, maintain actions and escalate any issues
- Report and Maintain Key Risk, Performance and Success Indicators for the team
- Act as a liaison between industry peers, government agencies (including law enforcement) and other specialists
- Utilize commercial intelligence providers to gain insight into existing activities in the hacker and fraudster communities, as well as planned activities and emerging motivations
- Develop and maintain the security incident response and management process, including all required supporting materials
- Coordinate with the Security Operations Centre provided internally or by an external managed security services provider, to identify and assess Information security incidents
- Advise the InfoSec Management team of significant emerging threats, and recommend tactical steps to counteract these threats
- Deliver Management Reporting on a regular and ad-hoc basis
- Mentor junior members of the team, helping them through the more intricate incidents.
- Effectively communicate with internal stakeholders (technical and non-technical) and suppliers to provide updates on threats and/or to deliver key projects
- Make and drive recommendations to improve operational effectiveness
- Security Operations Centre documentation review and approval
- Measure, manage and mitigate Information Security risk to an acceptable level and demonstrate compliance
You Should Apply If
- Proficiency in preparation of reports, dashboards, and documentation
- Experience of Security Incident Management and Response, including within a DevSecOps operating model
- Knowledge and demonstrable experience of Information security technologies and methodologies
- Security event log collection and analysis
- Experience of vulnerability and threat assessment
- Experience of Intrusion detection and prevention systems
- Experience of Web-based application security
- Experience of Cloud systems and their Architecture (Azure, AWS)
- Experience of working in a 24/7 Security Operations Centre environment
- Experience of Incident Handling processes and procedures
- Demonstrable experience of working effectively with managed suppliers and vendors
- Awareness of Agile environments and practices
- Awareness of various operating system flavours including but not limited to Windows, Linux, Unix
- Awareness of Database technologies (SQL, Oracle, DB2, Mongo) and associated threats
- Awareness of security controls in widely used technologies e.g., MS Office 365
- Awareness of Incident Management and Response tools - IBM Resilient, Remedy, Remedy CMDB
- A great communicator with strong negotiation, influencing, planning and prioritisation skills
Working for Us Means
- Hybrid Working
- Industry leading pension of up to 12% M&S contribution
- Bonus up to 40%
- 20% discount on M&S products
- Up to 2 weeks working abroad
- Learning days once a month, Tech/Ed days once a quarter and Hackathon every other quarter
- A range of wellbeing support (including free counselling and a virtual GP for you and immediate family)
- 25% off gym memberships, access to online fitness classes and discounts for complementary health services, such as nutrition and lifestyle coaching
M&S is ready to push boundaries to lead the retail industry into a greener, speedier, more inspiring digital era. That’s why we’re revolutionising how we work and offering our most exciting opportunities yet. There’s never been a better time to be part of our team. Marks & Spencer aims to be an inclusive organisation, trusted and admired by our colleagues, customers and suppliers. Join us and make an immediate impact.
We are committed to an active Inclusion, Diversity and Equal Opportunities Policy, which starts with our recruitment and selection process, and we are happy to talk flexible working.
If you consider yourself to require reasonable adjustments to any part of our recruitment process, we invite you to share those requirements with us when completing your application. We will make every effort to ensure your needs are met to provide a fair and transparent process of assessment.