IG's Security Operations team (SOC) is responsible for managing security-related events within IG. The goals of the team are to ensure that security incidents adversely affecting the business are quickly diagnosed, workarounds are determined, proper root cause analysis is performed, and actions are taken to prevent the issue from recurring.
The Security Operations function is a vital part of the organisation, ensuring company information and systems are protected from unauthorized access, disruption, modification or destruction. This is accomplished using a range of operational security controls, processes and policies.
Core functions include:
Security Monitoring
• Monitor a wide variety of security tools directly and via the SIEM as necessary to detect cyber attacks and other unauthorized activity.
• Assist with the creation and refinement of security monitoring rules, techniques and processes.
Incident Management
• Gather data and perform the initial analysis for newly discovered security incidents, classifying and triaging as appropriate.
• Investigate and resolve security incidents both independently and in collaboration with the wider SOC team.
• Ensure accurate logs are kept of all actions taken during incident response activities, and produce a final report detailing the incident timeline when required.
• Actively participate in post-incident process improvement and reporting activities.
Vulnerability Management
• Perform regular and on-demand automated vulnerability scans and interpret the results for affected teams and asset owners.
• Track remediation activities, provide remediation assistance where required, and ensure vulnerabilities are closed within the defined time limits.
Security Policy Review and Maintenance
• Perform regular reviews and audits of technical security controls, including firewall policies, DLP policies, Active Directory permissions, and SIEM log collection.
• Help meet company compliance requirements by supporting internal and external audits, risk assessments and reviews.
• Assess requests for exceptions and whitelisting in security controls (such as firewalls, web proxies, DLP, etc.) and approve or deny them according to defined guidance.
Reporting & Documentation
• Assist with the preparation of regular reports and the collection of defined metrics.
• Take part in the creation and continual improvement of SOC process and procedure documentation, as well as the refinement of manual and automated workflows and playbooks.
Projects
• Perform short tasks and work on more complex projects as required to assist and improve the effective operation of the SOC, such as testing and evaluating potential tools and services, assessing the impact of IT changes, optimizing existing tools, collaborating with external teams, and other tasks.
Desirable Skills and Attributes:
This is an entry level role, and therefore candidates are not expected to meet all listed requirements. Successful candidates will demonstrate an independent and self-motivated approach to learning cyber security skills and topics.
Previous IT or security work experience is highly advantageous (but not required).
A basic understanding of, and an aptitude for learning, technical IT concepts is required, including:
o Windows and Linux operating systems and system administration
o Networking, including TCP/IP and other common protocols
o Microsoft Active Directory
o Command line interfaces and basic scripting
Understand the purpose and role of common technical security products, such as firewalls, anti-virus, web proxies, SIEM, IDS/IPS, DLP, and EDR.
Basic familiarity with vulnerability scanning and penetration testing tools and techniques.
Strong ability to focus and complete detailed tasks with a high degree of accuracy.
Able to communicate complex information clearly and logically, both verbally and in writing.
Proficient with MS Office for general collaboration, communication and reporting.
Exceptional candidates without previous work experience may be considered if they can demonstrate strong technical knowledge and are highly self-motivated to deal with a steep learning curve.
Useful Skills:
Previous experience with a SIEM or other SOC tools.
Experience with network forensic tools, such as network sniffers and protocol analyzers.
Experience of working in a multi-national organisation.
Experience of working in the finance or technology sectors.
Interest in financial products, trading, or investments.
Qualifications:
A university degree in one of the following fields is preferred (but relevant experience may substitute):
Cyber / Information Security, Digital Forensics, Ethical Hacking
Computer Science, Software Development, Network Engineering
Mathematics, Physics and other STEM subjects
Other desirable certifications include:
CISSP, GIAC
CEH, CREST, OSCP
Security+, Network+, CySA+
Vendor certifications for Microsoft, Linux, cloud, networking or security products
Hours:
The successful candidate will be required to participate in the Out of Hours Support Rotation, which typically provides 24/7 cover.
Number of openings
1