This role is an exciting opportunity to join us and work within our Cyber Fusion Centre (CFC). As we continue to evolve our business models to keep them efficient and effective in the face of increased IT and digital threats, the CFC is an intelligence hub that is future-proofed: it is not just responsible for the traditional “detection” and “response” of security incidents, but will monitor, react and detect in ways that inform decision making at every level of the business.
What you'll do:
- Follow up on escalated security incidents from MSSP L2 Security Analysts / Senior Security Analysts, or security incidents reported directly to the Principal Security Analysts via non-SOAR channels. Perform detailed investigation of potential security incidents and work with the resolver group(s) / Incident Management team for resolution.
- Act as an advisory team for any new security technology on-boarding.
- Act as an escalation lead and work with CFC Incident Management to resolve Group SOAR cases escalated by other estate(s).
- Provide platform engineering teams with continuous improvement input to enhance the overall CFC operational team.
- Adapt new and innovative ways of performing incident response across all group territories.
- Be involved with any new security-related project / technology that will impact the way the CFC performs incident response and reporting.
- Assist leadership with reporting.
- Be the lead technical analyst in high severity incidents, providing insight to incident managers and leadership teams.
- Work with the Data Content Author to fine-tune existing correlation rules and research and create new correlation rules.
- Perform threat hunting. Execute different types of proactive hunting using security events and threat intel, e.g. Indicator of Compromise (IoC)-based hunting, hypothesis-based hunting, alert-based hunting, anomaly hunting and routine hunting.
What you'll bring:
- 6+ years' experience in security operations, security analytics or security engineering roles.
- 5+ years' experience in investigative or incident response environments.
- SME in networking and operating systems (Windows and Linux).
- SME in operating systems (e.g., Windows, Linux and Unix).
- Excellent knowledge of security solutions and technologies, including network firewalls, proxy technologies, EDR, anti-spam, SIEM, UBA, e-mail filtering and anti-spyware solutions (gateway and SaaS).
- Excellent knowledge of forensics, malware investigation, reverse engineering and scripting techniques.
Strategy & Security: We play an important role in creating a cohesive tech strategy across all of our teams – uniting our tech teams to work towards clear and common goals. Behind the scenes, we’re protecting our business and our customers from cyber threats.
Training and Certification:
- Splunk Fundamentals III.
- CrowdStrike Falcon 300 Series.
- Darktrace Online Training.
- RangeForce SOC Threat Hunter Training.
- SANS GIAC Certified Incident Handler (GCIH) (desired).
- AWS Certified Specialty certification (desired).
- Decision making and risk management.
- Customer orientation, teamwork and leadership.
- Problem solving and process excellence.
- Results orientation and execution excellence.
- Professional development: keep up to date with information security news, techniques and trends.