Security Operations Centre (SOC) sits within the IT Security department and reduces the impact of cyber security incidents against the Bank’s Infrastructure by monitoring key security and business systems for anomalous behaviours. It provides containment, eradication and remediation recommendations to business and system owners.
This is an exciting opportunity for a strong, experienced, security analyst to join a team using leading and cutting edge security products to protect the Bank’s information assets from cyber threats. This is a real opportunity to bring your experience and expertise to an agile, fast moving team supporting a highly prestigious organisation that faces a unique and determined threat landscape.
You will help to reduce the impact of cyber security incidents against the Bank’s Infrastructure by using a range of leading edge IT security tools to monitor key security and business systems for anomalous behaviours. You will act as Incident Handler for any detected incidents and work with other teams to provide containment, eradication and remediation recommendations to business and system owners
You will work to constantly evolve the services the SOC provides, helping to integrate the latest techniques for detecting cyber threats, tuning security detection capabilities, and ensuring that more junior team members are continually developing their skills against the latest best practice.
As we’re looking for an experienced individual for this role you will have be able to demonstrate well-honed detection and analytical skills with a proven ability to identify and mitigate advanced, targeted cyber threats.
You’ll be working alongside a range of other teams including Malware and Forensics specialists, IT Infrastructure and Operations teams and external 3rd party cyber defence organisations. You will be expected to have a solid knowledge of their duties and how they fit within an effective Security Incident Handling workflow.
You’ll have a proven ability to act as a technical lead of an operations shift and by doing so support, mentor and develop more junior members of the team in order to develop their skills and techniques.
• Advanced knowledge of current and emerging threats and attack techniques;
• Expertise in the field of advanced threat detection utilising log, network and host based toolsets. The ability to tune and evolve such capabilities in line with new attack techniques;
• Proven experience in Incident Handing of Major, high impact incidents with the ability to generate clear, concise recommendations and coordinate activities and professional communications across a range of stakeholders, internally and externally, and often under significant pressure;
• Solid understanding of the tools and techniques used by Incident Response teams in order to further analyse the impact and exposure to cyber threats. Ability to work alongside and assist such teams in their duties;
• Experience of creating, maintaining and developing operational procedures to better analyse, escalate, and assist in remediation of critical information security incidents;
• Experience in a related security position;
• Experience of maintaining a secure network through configuring and managing typical Security Enforcing Devices, such as Firewalls, Proxies, IDS/IPS devices, EPO;
• Knowledge of SNORT and other common detection signature languages;
• In depth experience of other common devices, such as routers, switches, hubs. Troubleshooting Windows environments;
• Attention to detail and great organizational skills;
• Experience of using SIEM tools such as RSA Envision, ArcSight, LogLogic, Q1 labs, Symantec Endpoint;
• Experience of full packet capture tools e.g. Wireshark, Niksun, Netwitness to monitor network activity for threats.
• Experience of working in commercial and/or Defence Information Security Operations environments;
• A graduate or equivalent in IT or a related science subject;
• Qualifications within the IT Security field desirable e.g. Certified Intrusion Analyst (GIAC), Certified Incident Handler (GCIH), Certified Information Systems Security Professional (CISSP);
• Prepared to become SC and DV cleared;
• Ability to lead internal and external technical meetings and influence customer activities;
• Exposure to IT service management best practices such as ITIL;
• Software engineering, programming or scripting knowledge. Eg Perl, Java, .Net.;
• An understanding of Information Assurance policy and best practice relating to controls which manage the risks around Confidentiality, Integrity and availability of information