This role is an exciting opportunity to join us and work within our Cyber Fusion Centre (CFC). As we continue to evolve our business models to keep them efficient and effective in the face of increasing IT and digital threats, the CFC is an intelligence hub: it is future-proofed and not just responsible for the traditional "detection" and "response" of security incidents, but will monitor, detect and react in a way that informs decision making at every level of the business.
What you'll do:
- Follow up on potential security incidents escalated by the MSSP Level 2 Security Analyst, performing detailed investigation based on available data, context and threat intelligence to detect cyber threats in a timely manner.
- Perform detailed analysis of group-wide SOAR cases against available data, context, current Threat Intelligence Service (TIS) information and trends seen in the CFC.
- Conduct group-wide impact analysis.
- Categorise the incident and record its priority in the SOAR case.
- Update the knowledge base and playbook(s).
- Escalate unresolved potential security incidents to the Principal Security Analyst for further investigation.
- Be detail-oriented in incident reporting and ticket updates.
- Act as the central point of contact for incident managers during any ongoing incident.
- Help group territories develop playbooks and ensure consistency in reporting at all times.
- Lead incident investigations in and out of hours.
- Assist management with reporting.
- Work with teams within the CFC to enhance existing processes and perform continuous improvement.
- Analyse and investigate cyber security incidents as a third-line responder, taking escalations from peers and colleagues within the business (in and out of hours).
- Ensure timely, accurate and tailored remediation and countermeasure communications to internal users and teams regarding intrusions and compromises of on-boarded host and network infrastructure, applications and operating systems.
- Provide input to security incident response documentation and improvement plans across the organisation.
- Assist with the creation and maintenance of security incident response documentation.
- Monitor and analyse advanced threat events, Security Information and Event Management (SIEM), User Behaviour Analytics (UBA) and Endpoint Detection and Response (EDR) toolsets and event logs to identify indicators of compromise, attacks and threats for remediation and/or suppression.
- Coordinate security incident response activities: work with the various lines of security analysts (internal and external) to identify malicious threats in the group's enterprise environment, both proactively and reactively.
- Be a central point of contact within the team for contributions to security-related initiatives and projects. Keep ahead of new threats that could impact the organisation.
What you'll bring:
- 5+ years' experience in security operations, security analytics or security engineering roles.
- 4+ years' experience in investigative or incident response environments.
- Excellent knowledge of Computer Networking and IT Security and strong endpoint and networks troubleshooting skills.
- Excellent knowledge of common operating systems (e.g., Windows, Linux and Unix).
- Excellent knowledge of different threat scenarios, incident response and remediation techniques.
- Excellent knowledge of security solutions and technologies including network firewalls, proxy technologies, EDR, SIEM, UBA, anti-spam and e-mail filtering, and anti-spyware solutions (gateway and SaaS).
- Good knowledge of forensics, malware investigation, reverse engineering and scripting techniques.
Strategy & Security: We play an important role in creating a cohesive tech strategy across all of our teams – uniting our tech teams to work towards clear and common goals. Behind the scenes, we’re protecting our business and our customers from cyber threats.
Training and Certification:
- Splunk Fundamentals II.
- Sky Network Fundamentals II.
- CrowdStrike Falcon 200 Series.
- Darktrace Online Training.
- RangeForce SOC Analyst I Training.
- CrowdStrike Certified Falcon Hunter (CCFH).
- Exam MS-500: Microsoft 365 Security Administration (Desired).
- AWS Certified Security – Specialty – Certification (Desired).
- CEH (Desired).
- Decision making and risk management
- Customer orientation, teamwork and leadership
- Problem solving and Process excellence
- Results orientation and execution excellence
- Professional development - Keep up-to-date with information security news, techniques, and trends.