Job Description

The Role: As part of Cyber Defence - Global Security Operations Centre, you will be delivering security operations services and ongoing improvement to address evolving threats and respond to incidents. You will work within the GSOC team and work with business and IT leaders, clients and partners to build an effective security capability including people, processes and new technologies to protect critical data and technology assets from advanced threats. With exceptional technical knowledge, calm approach under pressure, and a genuine passion for security, you will also be an exceptional communicator, explaining out cyber defence posture and approach to our stakeholders. Responsibilities include but are not limited to:

• Primary point of inception for triage and investigation of alerts and incident reported/detected within the SOC.
• Ensure timely response to any cyber incident to minimise risk exposure and production down time.
• Safely acquire and preserve the integrity of cyber security data required for incident analysis to help determine the technical/operational impact, root cause(s), scope and nature of the incident
• Detecting emerging threats based upon analysis, data feeds and sources (internal & external intelligence sources).
• Creating tickets within a Case management tool, for other IT functions to action resolution activities.
• Analyse and correlate alert and log data to assist the triage and incident investigation process.
• Assist the Seniors and Principals in maintaining SOC process documentation
• Provide regular updates and checks and status on the information recorded in relation to an incident

• Solid understanding of SIEM technologies.
• Scripting and programming skills with proficiency in one or more of the following; PowerShell, Pearl, Python.
• A solid understanding of networking technologies, enterprise wide technologies including database, operating system, web application, middleware, etc.
• Experience with security assessment tools, including Wireshark, Sysinternal tools.
• Proven ability to work in global collaborative group environment
• Experience working with a high degree of autonomy, managing own workload and delivering to tight timescales
• Strong communication skills, both oral and written.
• Team player with good interpersonal skills.
• Organised and methodical.
• Willing to challenge and desire to learn.
• Ability to communicate technical concepts to nontechnical disciplines
• Proven experience working with a Security Incident and Event Management solution as an analyst.
• Calm, organised and methodical
• Excellent analytical problem-solving skills
• Commercial awareness
• Agile and responsive approach to meeting business, security and technology objectives and delivering continuous improvement