Salary: £65,000 Location: Hybrid working (1-2 days Becrypt Head Office in Central London/Home Working) The Opportunity As part of the Becrypt Managed Services strategy we are looking to recruit a Senior SOC Analyst to build a new SOC function from the ground up. The role will initially be very hands on, responsible for monitoring and triaging of events and incidents for our client base, using such tools as Microsoft Sentinel and Manage Engine Log 360. The role will also involve standing up new SIEM tools to support multiple environments, an in-depth understanding of configuring and tuning tools, as well as monitoring, is a must. This is a chance for an individual to be involved at the start of the development of the SOC function. This role will play a leading part in the day-to-day activities of the SOC and influence the SOC on an operational, technical and strategic level. This role requires someone driven, willing to get hands on, has a keen eye for documentation and is passionate about delivering an excellent security service. A great team player is a must. Job Purpose: The main purpose of this role is to bring stability and a standard approach to security monitoring across a number of SIEM tools for multiple environments, thus ensuring a strong security posture is maintained. Primarily the role will be concerned with taking on all security monitoring for a handful of small client environments and the corporate environment. The role will also be accountable for ensuring a SIEM platform is embedded as a BAU service for a new Private Cloud solution. As a Senior SOC Analyst you will play a pivotal role in ensuring the security and resilience of our organisation, and client's information systems. The Senior SOC analyst will be the first recruit into the SOC Team and will be expected to work with management to ensure the service is built and grows to suit the requirements of the business. Main Duties and Responsibilities: Security Monitoring: & Investigation: Monitoring multiple SIEM tools to assure high a level of security on solutions Becrypt deliver. Oversee and enhance security monitoring systems to detect and analyse potential security incidents. Conduct real-time analysis of security events and incident and escalate as necessary. Support other teams on investigations into incidents, determining the root cause and impact. Document findings and lessons learned to improve incident response procedures. Ensure runbooks are followed and are fit for purpose. Incident Response: Lead and coordinate incident response activities to effectively contain, eradicate, and recover from security incidents. Develop and maintain incident response plans, ensuring they align with industry best practices. Escalation management in the event of a security incident. Follow major incident process. Threat Intelligence: Stay abreast of the latest cybersecurity threats and vulnerabilities, integrating threat intelligence into security monitoring processes. Contribute to the development of threat intelligence feeds to enhance proactive threat detection. Security Tool Management: Manage and optimise SIEM tools, ensuring they are properly configured and updated to maximize effectiveness. Evaluate new security technologies and recommend enhancements to the security infrastructure. Collaboration: Collaborate with cross-functional teams, including IT, legal, and management, to address security incidents and implement preventive measures. Provide expertise and guidance to other analysts. Working with the Technical Delivery Team to ensure all new and changed services are monitored accordingly. Documentation: Maintain accurate and up-to-date documentation of security procedures, incident response plans, and analysis reports. Create post-incident reports for management and stakeholders. Create monthly reporting packs as per contractual requirements. Create and document robust event and incident management processesRunbooks & Playbooks. Other responsibilities: Involvement in scoping and standing up new solutions for new opportunities. Assisting Pre-Sales team with requirements on new opportunities. Demonstrations of SOC tools to clients. Continual Service Improvement - Recommendations for change to address incidents or persistent events. Essential Skills and Experience: Analytical mindset with the ability to troubleshoot and solve complex security issues. Excellent communication and interpersonal skills for collaborating with diverse teams. Leadership qualities to guide other team member and drive security initiatives. Up-to-date knowledge of cybersecurity trends and threats. Full understanding of SIEM systems -Microsoft Sentinel, Manage Engine Log 360, IBM QRadar, Splunk, Sentinel etc Demonstrable understanding of IT Security Management, Policies, Procedures, Standards and Guidelines. Ability to work autonomously Clear understanding of runbooks and playbooks with the ability create these from scratch Understanding of ISO 27001, ISO 9001 & Cyber Essentials would be extremely advantageous Security Operations and Incident Handling Previous experience working within a SOC team A great opportunity for a SOC professional to push their career forward in a challenging and exciting environment. Due to the high level of Security clearance required, applicants must be British Nationals. You must hold SC Clearance for this role or be willing to go through SC Clearance. Salary: £65,000 Location: Hybrid working (1-2 days Becrypt Head Office in Central London/Home Working) Apply Now To apply for the Senior SOC Analyst role, please send a copy of your CV and covering letter by using the apply button provided on the page.
Apr 24, 2024
Full time
Salary: £65,000 Location: Hybrid working (1-2 days Becrypt Head Office in Central London/Home Working) The Opportunity As part of the Becrypt Managed Services strategy we are looking to recruit a Senior SOC Analyst to build a new SOC function from the ground up. The role will initially be very hands on, responsible for monitoring and triaging of events and incidents for our client base, using such tools as Microsoft Sentinel and Manage Engine Log 360. The role will also involve standing up new SIEM tools to support multiple environments, an in-depth understanding of configuring and tuning tools, as well as monitoring, is a must. This is a chance for an individual to be involved at the start of the development of the SOC function. This role will play a leading part in the day-to-day activities of the SOC and influence the SOC on an operational, technical and strategic level. This role requires someone driven, willing to get hands on, has a keen eye for documentation and is passionate about delivering an excellent security service. A great team player is a must. Job Purpose: The main purpose of this role is to bring stability and a standard approach to security monitoring across a number of SIEM tools for multiple environments, thus ensuring a strong security posture is maintained. Primarily the role will be concerned with taking on all security monitoring for a handful of small client environments and the corporate environment. The role will also be accountable for ensuring a SIEM platform is embedded as a BAU service for a new Private Cloud solution. As a Senior SOC Analyst you will play a pivotal role in ensuring the security and resilience of our organisation, and client's information systems. The Senior SOC analyst will be the first recruit into the SOC Team and will be expected to work with management to ensure the service is built and grows to suit the requirements of the business. Main Duties and Responsibilities: Security Monitoring: & Investigation: Monitoring multiple SIEM tools to assure high a level of security on solutions Becrypt deliver. Oversee and enhance security monitoring systems to detect and analyse potential security incidents. Conduct real-time analysis of security events and incident and escalate as necessary. Support other teams on investigations into incidents, determining the root cause and impact. Document findings and lessons learned to improve incident response procedures. Ensure runbooks are followed and are fit for purpose. Incident Response: Lead and coordinate incident response activities to effectively contain, eradicate, and recover from security incidents. Develop and maintain incident response plans, ensuring they align with industry best practices. Escalation management in the event of a security incident. Follow major incident process. Threat Intelligence: Stay abreast of the latest cybersecurity threats and vulnerabilities, integrating threat intelligence into security monitoring processes. Contribute to the development of threat intelligence feeds to enhance proactive threat detection. Security Tool Management: Manage and optimise SIEM tools, ensuring they are properly configured and updated to maximize effectiveness. Evaluate new security technologies and recommend enhancements to the security infrastructure. Collaboration: Collaborate with cross-functional teams, including IT, legal, and management, to address security incidents and implement preventive measures. Provide expertise and guidance to other analysts. Working with the Technical Delivery Team to ensure all new and changed services are monitored accordingly. Documentation: Maintain accurate and up-to-date documentation of security procedures, incident response plans, and analysis reports. Create post-incident reports for management and stakeholders. Create monthly reporting packs as per contractual requirements. Create and document robust event and incident management processesRunbooks & Playbooks. Other responsibilities: Involvement in scoping and standing up new solutions for new opportunities. Assisting Pre-Sales team with requirements on new opportunities. Demonstrations of SOC tools to clients. Continual Service Improvement - Recommendations for change to address incidents or persistent events. Essential Skills and Experience: Analytical mindset with the ability to troubleshoot and solve complex security issues. Excellent communication and interpersonal skills for collaborating with diverse teams. Leadership qualities to guide other team member and drive security initiatives. Up-to-date knowledge of cybersecurity trends and threats. Full understanding of SIEM systems -Microsoft Sentinel, Manage Engine Log 360, IBM QRadar, Splunk, Sentinel etc Demonstrable understanding of IT Security Management, Policies, Procedures, Standards and Guidelines. Ability to work autonomously Clear understanding of runbooks and playbooks with the ability create these from scratch Understanding of ISO 27001, ISO 9001 & Cyber Essentials would be extremely advantageous Security Operations and Incident Handling Previous experience working within a SOC team A great opportunity for a SOC professional to push their career forward in a challenging and exciting environment. Due to the high level of Security clearance required, applicants must be British Nationals. You must hold SC Clearance for this role or be willing to go through SC Clearance. Salary: £65,000 Location: Hybrid working (1-2 days Becrypt Head Office in Central London/Home Working) Apply Now To apply for the Senior SOC Analyst role, please send a copy of your CV and covering letter by using the apply button provided on the page.
At Direct Line Group, insurance is just the start. Combining decades of industry experience with talented people in every field from data, technology, customer care and auto repair, to HR, finance and procurement , we're a customer-obsessed market powerhouse. And we all work together to be brilliant for customers, every single day. We're evolving, to be a more digitally-focused data-driven insurance company of the future - and your unique talent, skills and ideas can drive our success. Like us, you thrive on collaboration, exploration and innovation. And like you, we take tech seriously. That's why we're embracing the move to a more digital, flexible world. With constant investment in the newest tools, programmes and equipment for our teams, it all adds up to creating the best possible user experience for customers. And a great career for you. Join us. Own the evolution. We have an exciting opportunity for a Senior Security Operations Analyst to join our re-energised Cyber Defence team! Reporting into the Cyber Defence Security Operations Lead, you will act as the as a secondary contact and escalation point for the team. You'll manage a team of Security Analysts to oversee the day-to-day operational delivery of services provided by our third party 24x7 Security Operations Centre, and will take ownership of our security presence and identify any gaps by working with various stakeholders across the business. What else you'll be doing: Maintaining security oversight of the technical infrastructure delivered by third party suppliers and raising concerns/issues that pose a security risk to the organisation accordingly. You will also manage any operational risk remediation to conclusion and take ownership within the team. Managing development and improvements required for detection engineering and associated technologies. Responsible for the operational and threat malware analysis for the group. Providing security input and for maintaining relationships with the Service Management function in relation to change management, problem management and incident management. Responsible for the level 2 / 3 operational Cyber incident response. Escalating in a timely manner any incidents and anomalies that are detected within DLG and providing subject matter expertise and guidance for operational challenges. Monitoring and responding to emerging threat patterns, vulnerabilities and anomalies and providing escalations of any unknown threats to relevant areas within the company. Collating metrics on the status of technical information security controls across the DLG estate, highlighting risk areas and working to develop and manage remediation plans as required. Collaborating with all CISO teams to report appropriate operational issues that may be resolved at an architecture level Operational On-Call Requirement This role has a shared, rotational 24/7 on-call requirement and forms part of information security incident response capability. You will act as the single point of contact for all security related response actions and decisions, including management of each incident from a security perspective, interaction with IM/MIM teams (where required) and recording of all key security decisions. What you'll need: Knowledge and operational experience in firewalls, intrusion detection and prevention systems, anti-virus and content filtering, URL filtering, authentication solutions, switches, routers, Voice over IP (VoIP), firewall zoning. Ability to read and understand system data including security event logs, system logs, application logs, and device logs, etc. Knowledge and experience of enterprise grade technologies including operating systems, databases, and web applications. Knowledge and experience of performing network traffic analysis for identifying any developing patterns. Ability to assist with knowledge transfer and mentoring/up skilling of junior team members Security Analysis for CompTIA CySA+ or similar level of certification It would be beneficial if you have: Experience with any of the following technologies: Data Loss Prevention, Intrusion Prevention/Detection Systems, Firewalls, SIEM. Knowledge of reporting suites such as Power BI Good understanding of Microsoft security suites and associated qualifications Threat identification. Security certifications such as CISM, CISSP, M.Inst.ISP, CISA by a recognised professional body Technical certifications by a recognised professional body in network or systems engineering Fundamental Cloud Concepts for AWS. OWASP Top 10: API Security Playbook. Ways of Working This role is based out of our London Bridge office. Our hybrid model way of working offers a 'best of both worlds' approach combining the best parts of home and office-working, offering flexibility for everyone. When you'll be in the office depends on your role, but most colleagues are in 2 days a week, and we'll consider the flexible working options that work best for you. Read our flexible working approach here Benefits We wouldn't be where we are today without our people and the wide variety of perspectives and life experiences they bring. That's why we offer excellent benefits to suit your lifestyle and a flexible working model combining the best parts of home and office-working, varying with the nature of your role. Our core benefits include: 9% employer contributed pension Up to 10% bonus 50% off home, motor and pet insurance plus free travel insurance and Green Flag breakdown cover Additional optional Health and Dental insurance EV car scheme which allows all colleagues to lease a brand new electric or plug-in hybrid car in a tax efficient way. 25 days annual leave Buy as you earn share scheme Employee discounts and cashback Plus many more!
Apr 24, 2024
Full time
At Direct Line Group, insurance is just the start. Combining decades of industry experience with talented people in every field from data, technology, customer care and auto repair, to HR, finance and procurement , we're a customer-obsessed market powerhouse. And we all work together to be brilliant for customers, every single day. We're evolving, to be a more digitally-focused data-driven insurance company of the future - and your unique talent, skills and ideas can drive our success. Like us, you thrive on collaboration, exploration and innovation. And like you, we take tech seriously. That's why we're embracing the move to a more digital, flexible world. With constant investment in the newest tools, programmes and equipment for our teams, it all adds up to creating the best possible user experience for customers. And a great career for you. Join us. Own the evolution. We have an exciting opportunity for a Senior Security Operations Analyst to join our re-energised Cyber Defence team! Reporting into the Cyber Defence Security Operations Lead, you will act as the as a secondary contact and escalation point for the team. You'll manage a team of Security Analysts to oversee the day-to-day operational delivery of services provided by our third party 24x7 Security Operations Centre, and will take ownership of our security presence and identify any gaps by working with various stakeholders across the business. What else you'll be doing: Maintaining security oversight of the technical infrastructure delivered by third party suppliers and raising concerns/issues that pose a security risk to the organisation accordingly. You will also manage any operational risk remediation to conclusion and take ownership within the team. Managing development and improvements required for detection engineering and associated technologies. Responsible for the operational and threat malware analysis for the group. Providing security input and for maintaining relationships with the Service Management function in relation to change management, problem management and incident management. Responsible for the level 2 / 3 operational Cyber incident response. Escalating in a timely manner any incidents and anomalies that are detected within DLG and providing subject matter expertise and guidance for operational challenges. Monitoring and responding to emerging threat patterns, vulnerabilities and anomalies and providing escalations of any unknown threats to relevant areas within the company. Collating metrics on the status of technical information security controls across the DLG estate, highlighting risk areas and working to develop and manage remediation plans as required. Collaborating with all CISO teams to report appropriate operational issues that may be resolved at an architecture level Operational On-Call Requirement This role has a shared, rotational 24/7 on-call requirement and forms part of information security incident response capability. You will act as the single point of contact for all security related response actions and decisions, including management of each incident from a security perspective, interaction with IM/MIM teams (where required) and recording of all key security decisions. What you'll need: Knowledge and operational experience in firewalls, intrusion detection and prevention systems, anti-virus and content filtering, URL filtering, authentication solutions, switches, routers, Voice over IP (VoIP), firewall zoning. Ability to read and understand system data including security event logs, system logs, application logs, and device logs, etc. Knowledge and experience of enterprise grade technologies including operating systems, databases, and web applications. Knowledge and experience of performing network traffic analysis for identifying any developing patterns. Ability to assist with knowledge transfer and mentoring/up skilling of junior team members Security Analysis for CompTIA CySA+ or similar level of certification It would be beneficial if you have: Experience with any of the following technologies: Data Loss Prevention, Intrusion Prevention/Detection Systems, Firewalls, SIEM. Knowledge of reporting suites such as Power BI Good understanding of Microsoft security suites and associated qualifications Threat identification. Security certifications such as CISM, CISSP, M.Inst.ISP, CISA by a recognised professional body Technical certifications by a recognised professional body in network or systems engineering Fundamental Cloud Concepts for AWS. OWASP Top 10: API Security Playbook. Ways of Working This role is based out of our London Bridge office. Our hybrid model way of working offers a 'best of both worlds' approach combining the best parts of home and office-working, offering flexibility for everyone. When you'll be in the office depends on your role, but most colleagues are in 2 days a week, and we'll consider the flexible working options that work best for you. Read our flexible working approach here Benefits We wouldn't be where we are today without our people and the wide variety of perspectives and life experiences they bring. That's why we offer excellent benefits to suit your lifestyle and a flexible working model combining the best parts of home and office-working, varying with the nature of your role. Our core benefits include: 9% employer contributed pension Up to 10% bonus 50% off home, motor and pet insurance plus free travel insurance and Green Flag breakdown cover Additional optional Health and Dental insurance EV car scheme which allows all colleagues to lease a brand new electric or plug-in hybrid car in a tax efficient way. 25 days annual leave Buy as you earn share scheme Employee discounts and cashback Plus many more!
Cyber Security Lead (Windows Azure SIEM) WFH / Epsom to £85k Are you an experienced Security Engineer / Analyst with a strong knowledge of Windows and Azure security? You could be progressing your career in a hands-on Cyber Security Lead role at an Independent Building Society that specialise in savings and mortgages, in a friendly and supportive environment where you can work with autonomy and enjoy flexible working. As a Cyber Security Lead, you will take ownership of threat management and response, establishing and maintaining robust cyber security policies, playbooks and procedure to ensure compliance with regulatory requirements, industry standards in an Operational role. You'll remain hands-on, acting as an escalation point for the Service Desk, investigating and remediating security threats. You'll perform root cause analysis of security incidents and participate in post-incident reviews to provide practical recommendations for improving the organisation's threat detection and incident response capabilities and overall security posture. Office & WFH Policy: You'll have flexibility to work from home, meeting up with colleagues in the Epsom office three days a week; there's flexible start and finish times too. Requirements: You have experience in a similar Senior Cyber Security Analyst / Engineer role You have experience using security tools (such as SIEM, FIM, EDR, or NDR) and security framework and standards implementation (NiST, ISO27001, PCI-DSS, etc) You have experience of a Windows and Azure environment You have strong analysis and problem solving skills with meticulous attention to detail You have excellent communication and collaboration skills including stakeholder management and are happy to mentor one other Salary & Benefits: As a Cyber Security Lead, you can expect to earn competitive salary (up to £85k) plus benefits. Pension (up to 10% contribution) Private Healthcare Life Assurance Company bonus Professional study support Apply now to find out more about this Cyber Security Lead (Windows Azure SIEM) role. At Client Server we believe in a diverse workplace that allows people to play to their strengths and continually learn. We're an equal opportunities employer whose people come from all walks of life and will never discriminate based on race, colour, religion, sex, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. The clients we work with share our values.
Apr 24, 2024
Full time
Cyber Security Lead (Windows Azure SIEM) WFH / Epsom to £85k Are you an experienced Security Engineer / Analyst with a strong knowledge of Windows and Azure security? You could be progressing your career in a hands-on Cyber Security Lead role at an Independent Building Society that specialise in savings and mortgages, in a friendly and supportive environment where you can work with autonomy and enjoy flexible working. As a Cyber Security Lead, you will take ownership of threat management and response, establishing and maintaining robust cyber security policies, playbooks and procedure to ensure compliance with regulatory requirements, industry standards in an Operational role. You'll remain hands-on, acting as an escalation point for the Service Desk, investigating and remediating security threats. You'll perform root cause analysis of security incidents and participate in post-incident reviews to provide practical recommendations for improving the organisation's threat detection and incident response capabilities and overall security posture. Office & WFH Policy: You'll have flexibility to work from home, meeting up with colleagues in the Epsom office three days a week; there's flexible start and finish times too. Requirements: You have experience in a similar Senior Cyber Security Analyst / Engineer role You have experience using security tools (such as SIEM, FIM, EDR, or NDR) and security framework and standards implementation (NiST, ISO27001, PCI-DSS, etc) You have experience of a Windows and Azure environment You have strong analysis and problem solving skills with meticulous attention to detail You have excellent communication and collaboration skills including stakeholder management and are happy to mentor one other Salary & Benefits: As a Cyber Security Lead, you can expect to earn competitive salary (up to £85k) plus benefits. Pension (up to 10% contribution) Private Healthcare Life Assurance Company bonus Professional study support Apply now to find out more about this Cyber Security Lead (Windows Azure SIEM) role. At Client Server we believe in a diverse workplace that allows people to play to their strengths and continually learn. We're an equal opportunities employer whose people come from all walks of life and will never discriminate based on race, colour, religion, sex, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. The clients we work with share our values.
At Direct Line Group, insurance is just the start. Combining decades of industry experience with talented people in every field from data, technology, customer care and auto repair, to HR, finance and procurement , we're a customer-obsessed market powerhouse. And we all work together to be brilliant for customers, every single day. We're evolving, to be a more digitally-focused data-driven insurance company of the future - and your unique talent, skills and ideas can drive our success. Like us, you thrive on collaboration, exploration and innovation. And like you, we take tech seriously. That's why we're embracing the move to a more digital, flexible world. With constant investment in the newest tools, programmes and equipment for our teams, it all adds up to creating the best possible user experience for customers. And a great career for you. Join us. Own the evolution. We have an exciting opportunity for a Senior Security Operations Analyst to join our re-energised Cyber Defence team! Reporting into the Cyber Defence Security Operations Lead, you will act as the as a secondary contact and escalation point for the team. You'll manage a team of Security Analysts to oversee the day-to-day operational delivery of services provided by our third party 24x7 Security Operations Centre, and will take ownership of our security presence and identify any gaps by working with various stakeholders across the business. What else you'll be doing: Maintaining security oversight of the technical infrastructure delivered by third party suppliers and raising concerns/issues that pose a security risk to the organisation accordingly. You will also manage any operational risk remediation to conclusion and take ownership within the team. Managing development and improvements required for detection engineering and associated technologies. Responsible for the operational and threat malware analysis for the group. Providing security input and for maintaining relationships with the Service Management function in relation to change management, problem management and incident management. Responsible for the level 2 / 3 operational Cyber incident response. Escalating in a timely manner any incidents and anomalies that are detected within DLG and providing subject matter expertise and guidance for operational challenges. Monitoring and responding to emerging threat patterns, vulnerabilities and anomalies and providing escalations of any unknown threats to relevant areas within the company. Collating metrics on the status of technical information security controls across the DLG estate, highlighting risk areas and working to develop and manage remediation plans as required. Collaborating with all CISO teams to report appropriate operational issues that may be resolved at an architecture level Operational On-Call Requirement This role has a shared, rotational 24/7 on-call requirement and forms part of information security incident response capability. You will act as the single point of contact for all security related response actions and decisions, including management of each incident from a security perspective, interaction with IM/MIM teams (where required) and recording of all key security decisions. What you'll need: Knowledge and operational experience in firewalls, intrusion detection and prevention systems, anti-virus and content filtering, URL filtering, authentication solutions, switches, routers, Voice over IP (VoIP), firewall zoning. Ability to read and understand system data including security event logs, system logs, application logs, and device logs, etc. Knowledge and experience of enterprise grade technologies including operating systems, databases, and web applications. Knowledge and experience of performing network traffic analysis for identifying any developing patterns. Ability to assist with knowledge transfer and mentoring/up skilling of junior team members Security Analysis for CompTIA CySA+ or similar level of certification It would be beneficial if you have: Experience with any of the following technologies: Data Loss Prevention, Intrusion Prevention/Detection Systems, Firewalls, SIEM. Knowledge of reporting suites such as Power BI Good understanding of Microsoft security suites and associated qualifications Threat identification. Security certifications such as CISM, CISSP, M.Inst.ISP, CISA by a recognised professional body Technical certifications by a recognised professional body in network or systems engineering Fundamental Cloud Concepts for AWS. OWASP Top 10: API Security Playbook. Ways of Working This role is based out of our London Bridge office. Our hybrid model way of working offers a 'best of both worlds' approach combining the best parts of home and office-working, offering flexibility for everyone. When you'll be in the office depends on your role, but most colleagues are in 2 days a week, and we'll consider the flexible working options that work best for you. Read our flexible working approach here Benefits We wouldn't be where we are today without our people and the wide variety of perspectives and life experiences they bring. That's why we offer excellent benefits to suit your lifestyle and a flexible working model combining the best parts of home and office-working, varying with the nature of your role. Our core benefits include: 9% employer contributed pension Up to 10% bonus 50% off home, motor and pet insurance plus free travel insurance and Green Flag breakdown cover Additional optional Health and Dental insurance EV car scheme which allows all colleagues to lease a brand new electric or plug-in hybrid car in a tax efficient way. 25 days annual leave Buy as you earn share scheme Employee discounts and cashback Plus many more! Being yourself Difference makes us who we are. We believe everyone should feel comfortable to bring their whole selves to work - that's why we champion diverse voices, build workplaces that work for people, and invest in the things that matter. From senior leadership to inclusivity networks, adaptive working to inclusion training, we've made it our mission to give you everything you need to be authentically you. Discover more at Together we're one of a kind.
Apr 24, 2024
Full time
At Direct Line Group, insurance is just the start. Combining decades of industry experience with talented people in every field from data, technology, customer care and auto repair, to HR, finance and procurement , we're a customer-obsessed market powerhouse. And we all work together to be brilliant for customers, every single day. We're evolving, to be a more digitally-focused data-driven insurance company of the future - and your unique talent, skills and ideas can drive our success. Like us, you thrive on collaboration, exploration and innovation. And like you, we take tech seriously. That's why we're embracing the move to a more digital, flexible world. With constant investment in the newest tools, programmes and equipment for our teams, it all adds up to creating the best possible user experience for customers. And a great career for you. Join us. Own the evolution. We have an exciting opportunity for a Senior Security Operations Analyst to join our re-energised Cyber Defence team! Reporting into the Cyber Defence Security Operations Lead, you will act as the as a secondary contact and escalation point for the team. You'll manage a team of Security Analysts to oversee the day-to-day operational delivery of services provided by our third party 24x7 Security Operations Centre, and will take ownership of our security presence and identify any gaps by working with various stakeholders across the business. What else you'll be doing: Maintaining security oversight of the technical infrastructure delivered by third party suppliers and raising concerns/issues that pose a security risk to the organisation accordingly. You will also manage any operational risk remediation to conclusion and take ownership within the team. Managing development and improvements required for detection engineering and associated technologies. Responsible for the operational and threat malware analysis for the group. Providing security input and for maintaining relationships with the Service Management function in relation to change management, problem management and incident management. Responsible for the level 2 / 3 operational Cyber incident response. Escalating in a timely manner any incidents and anomalies that are detected within DLG and providing subject matter expertise and guidance for operational challenges. Monitoring and responding to emerging threat patterns, vulnerabilities and anomalies and providing escalations of any unknown threats to relevant areas within the company. Collating metrics on the status of technical information security controls across the DLG estate, highlighting risk areas and working to develop and manage remediation plans as required. Collaborating with all CISO teams to report appropriate operational issues that may be resolved at an architecture level Operational On-Call Requirement This role has a shared, rotational 24/7 on-call requirement and forms part of information security incident response capability. You will act as the single point of contact for all security related response actions and decisions, including management of each incident from a security perspective, interaction with IM/MIM teams (where required) and recording of all key security decisions. What you'll need: Knowledge and operational experience in firewalls, intrusion detection and prevention systems, anti-virus and content filtering, URL filtering, authentication solutions, switches, routers, Voice over IP (VoIP), firewall zoning. Ability to read and understand system data including security event logs, system logs, application logs, and device logs, etc. Knowledge and experience of enterprise grade technologies including operating systems, databases, and web applications. Knowledge and experience of performing network traffic analysis for identifying any developing patterns. Ability to assist with knowledge transfer and mentoring/up skilling of junior team members Security Analysis for CompTIA CySA+ or similar level of certification It would be beneficial if you have: Experience with any of the following technologies: Data Loss Prevention, Intrusion Prevention/Detection Systems, Firewalls, SIEM. Knowledge of reporting suites such as Power BI Good understanding of Microsoft security suites and associated qualifications Threat identification. Security certifications such as CISM, CISSP, M.Inst.ISP, CISA by a recognised professional body Technical certifications by a recognised professional body in network or systems engineering Fundamental Cloud Concepts for AWS. OWASP Top 10: API Security Playbook. Ways of Working This role is based out of our London Bridge office. Our hybrid model way of working offers a 'best of both worlds' approach combining the best parts of home and office-working, offering flexibility for everyone. When you'll be in the office depends on your role, but most colleagues are in 2 days a week, and we'll consider the flexible working options that work best for you. Read our flexible working approach here Benefits We wouldn't be where we are today without our people and the wide variety of perspectives and life experiences they bring. That's why we offer excellent benefits to suit your lifestyle and a flexible working model combining the best parts of home and office-working, varying with the nature of your role. Our core benefits include: 9% employer contributed pension Up to 10% bonus 50% off home, motor and pet insurance plus free travel insurance and Green Flag breakdown cover Additional optional Health and Dental insurance EV car scheme which allows all colleagues to lease a brand new electric or plug-in hybrid car in a tax efficient way. 25 days annual leave Buy as you earn share scheme Employee discounts and cashback Plus many more! Being yourself Difference makes us who we are. We believe everyone should feel comfortable to bring their whole selves to work - that's why we champion diverse voices, build workplaces that work for people, and invest in the things that matter. From senior leadership to inclusivity networks, adaptive working to inclusion training, we've made it our mission to give you everything you need to be authentically you. Discover more at Together we're one of a kind.
Contents Location About the job Benefits Things you need to know Apply and further information Location Belfast, Cardiff, Darlington, Edinburgh, London About the job Summary Join a team at the heart of the global economy! We create digital services, data tools and technology for businesses to prosper around the world. Have a look at our video ! Our Digital, Data and Technology team develops and operates tools, services, and platforms that enable the UK government to provide world leading support to businesses in the UK and overseas. Youll get to constantly push boundaries in an environment free of heavy legacy, driven by curiosity, social purpose, diversity of thought, entrepreneurship, and the aspiration to offer an incredible experience to all our users. Find out more on our blog, Digital Trade. Job description This role sits within the DIT Security Operations Centre (SOC), which is responsible for the identification and handling of security threats. You will be responsible for the monitoring aspects of the SOCs Target Operating Model (TOM) at a high level, acting as the final point of escalation for the resolution of incidents identified by SOC analysts. A key part of the role will be the identification and implementation of lessons learned from cyber security incidents as part of a continuous improvement cycle. Improvements to DITs capability to detect and response will be a priority. In the role you will be managing and mentoring junior SOC staff, and so this role is suitable for someone looking for a position of responsibility. Responsibilities Responsibilities In your day-to-day role, you will: Lead the implementation of the DIT monitoring policyand management of the SOC TOM, providing expert advice to junior SOC staff. Review existing and new data sources being ingested into the SIEM and propose and implement use cases for detection and analysis. Produce thorough documentation on complex incidents focussing on the improvements that can be made to processes, playbooks, and tooling. Manage incident response exercises and scoping, design and governance of red-teaming and threat-hunting activity in collaboration with the Threat Hunterand in line with DITs policies. Communicate the significance of the results of investigations and risk mitigation outcomes and engage with a broad range of senior stakeholders. Be responsible for defining the vision, principles, and strategy for incident response. Essential Skills and Experience You should be able to demonstrate essential skills and experience of: Significant experience of working at tier 2 or tier 3 in a SOC with management/mentoring responsibilities . Demonstrable experience with KQL or similar query language . Solid knowledge of various information security frameworks, for example MITRE. Demonstrable experience in cyber security incident management . Effective verbal and written communication skills. Demonstrable knowledge and experience of intrusion detection and analysis skills . Desirable Skills and Experience While not essential, it would be ideal if you have demonstrable skills and experience of: SIEM and Security Software, especially Microsoft Professional information security certification CISSP or similar. Experience of working in a multi-cloud environment. Knowledge or experience of forensics. Benefits Learning and development tailored to your role An environment with flexible working options A culture encouraging inclusion and diversity A Civil Service pension with an average employer contribution of 27% Things you need to know Security Successful candidates must pass a disclosure and barring security check. Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check . See our vetting charter . People working with government assets must complete basic personnel security standard checks. Selection process details We are closely monitoring the situation regarding the coronavirus, and will be following central Government advice as it is issued. There is therefore a risk that recruitment to this post may be subject to change at short notice. In addition, where appropriate, you may be invited to attend a video interview. Please continue to follow the application process as normal and ensure that you check your emails regularly as all updates from us will be sent to you this way. Assessment and Interview As part of the application process you will be asked to upload a CV which outlines your experience, skills and fit for the role. At the sift stage for this role, Inspire People will assess you against the essential criteria listed above to compile a long list of applications. If you are progressed through to this stage, you will be asked to complete a short, pre-recorded video interview with Inspire People or provide written answers to questions. These applications will then be sifted by DIT hiring managers. Initial sifting will take place the week commencing 26th September, with CV submissions to DIT on the 30th September. Interviews will take place the week commencing 10th October. Please note that these dates are indicative and may be subject to change. At the interview stage for this role, we will assess your technical/specialist experience, outlined in the above role description, testing your ability through relevant assessments/presentations and ask you questions around Behaviours and Technical skills, which are part of the Civil Service Success Profiles . The technical element within the interview, where you will be asked a series of questions to demonstrate your specific professional skills and knowledge related directly to the job role and context, will assess against these Technical Skills: Intrusion detection and analysis Threat intelligence and assessment Incident management, investigation, and response Information risk assessment and risk management Applied security capability Query language expertise You will also be assessed against the Behaviours of: Developing Self and Others Changing and Improving Delivering at Pace Offer Stage Appointments may be made to candidates in merit order based on location preferences. The salary we will offer is determined using interview performance. Scores at interview translate to proficiency levels and an associated salary. Once a successful candidate has a proficiency level and is part of the capability framework, they will be given opportunities to self-assess to progress through the pay scale within their grade during their time at DIT. For further explanation of proficiency levels and more information about DDaT click here. The Department for International Trade embraces and values diversity in all forms. We welcome and pride ourselves on the positive impact diversity has on the work we do, and we promote equality of opportunity throughout the organisation. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria. Candidates who pass the bar at interview but are not the highest scoring will be held on a 12-month reserve list for future appointments. Candidates who are judged to be a near miss at interview may be offered a post at the grade below the one advertised. If successful and transferring from another Government Department a criminal record check may be carried out. The Department for International Trade embraces and values diversity in all forms. We welcome and pride ourselves on the positive impact diversity has on the work we do, and we promote equality of opportunity throughout the organisation. Harmonised terms and conditions are attached. Please take time to read the document to determine how these may affect you. Please note the successful candidate will be expected to remain in post for a minimum of 18 months before being released for another role. Any move to the Department for International Trade from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax Free Childcare. Determine your eligibility at New entrants are expected to join on the minimum of the pay band. Reasonable adjustment If a person with disabilities is put at a substantial disadvantage compared to a non-disabled person, we have a duty to make reasonable changes to our processes. If you need a change to be made so that you can make your application, you should contact the DDaT Recruitment team before the closing date to discuss your needs. Our recruitment process is underpinned by the principle of appointment on the basis of fair and open competition and appointment on merit, as outlined in the Civil Service Commissioners Recruitment Principles. If you feel your application has not been treated in accordance with these principles and you wish to make a complaint, you should in the first instance contact DIT by email: ..... click apply for full job details
Sep 24, 2022
Full time
Contents Location About the job Benefits Things you need to know Apply and further information Location Belfast, Cardiff, Darlington, Edinburgh, London About the job Summary Join a team at the heart of the global economy! We create digital services, data tools and technology for businesses to prosper around the world. Have a look at our video ! Our Digital, Data and Technology team develops and operates tools, services, and platforms that enable the UK government to provide world leading support to businesses in the UK and overseas. Youll get to constantly push boundaries in an environment free of heavy legacy, driven by curiosity, social purpose, diversity of thought, entrepreneurship, and the aspiration to offer an incredible experience to all our users. Find out more on our blog, Digital Trade. Job description This role sits within the DIT Security Operations Centre (SOC), which is responsible for the identification and handling of security threats. You will be responsible for the monitoring aspects of the SOCs Target Operating Model (TOM) at a high level, acting as the final point of escalation for the resolution of incidents identified by SOC analysts. A key part of the role will be the identification and implementation of lessons learned from cyber security incidents as part of a continuous improvement cycle. Improvements to DITs capability to detect and response will be a priority. In the role you will be managing and mentoring junior SOC staff, and so this role is suitable for someone looking for a position of responsibility. Responsibilities Responsibilities In your day-to-day role, you will: Lead the implementation of the DIT monitoring policyand management of the SOC TOM, providing expert advice to junior SOC staff. Review existing and new data sources being ingested into the SIEM and propose and implement use cases for detection and analysis. Produce thorough documentation on complex incidents focussing on the improvements that can be made to processes, playbooks, and tooling. Manage incident response exercises and scoping, design and governance of red-teaming and threat-hunting activity in collaboration with the Threat Hunterand in line with DITs policies. Communicate the significance of the results of investigations and risk mitigation outcomes and engage with a broad range of senior stakeholders. Be responsible for defining the vision, principles, and strategy for incident response. Essential Skills and Experience You should be able to demonstrate essential skills and experience of: Significant experience of working at tier 2 or tier 3 in a SOC with management/mentoring responsibilities . Demonstrable experience with KQL or similar query language . Solid knowledge of various information security frameworks, for example MITRE. Demonstrable experience in cyber security incident management . Effective verbal and written communication skills. Demonstrable knowledge and experience of intrusion detection and analysis skills . Desirable Skills and Experience While not essential, it would be ideal if you have demonstrable skills and experience of: SIEM and Security Software, especially Microsoft Professional information security certification CISSP or similar. Experience of working in a multi-cloud environment. Knowledge or experience of forensics. Benefits Learning and development tailored to your role An environment with flexible working options A culture encouraging inclusion and diversity A Civil Service pension with an average employer contribution of 27% Things you need to know Security Successful candidates must pass a disclosure and barring security check. Successful candidates must meet the security requirements before they can be appointed. The level of security needed is security check . See our vetting charter . People working with government assets must complete basic personnel security standard checks. Selection process details We are closely monitoring the situation regarding the coronavirus, and will be following central Government advice as it is issued. There is therefore a risk that recruitment to this post may be subject to change at short notice. In addition, where appropriate, you may be invited to attend a video interview. Please continue to follow the application process as normal and ensure that you check your emails regularly as all updates from us will be sent to you this way. Assessment and Interview As part of the application process you will be asked to upload a CV which outlines your experience, skills and fit for the role. At the sift stage for this role, Inspire People will assess you against the essential criteria listed above to compile a long list of applications. If you are progressed through to this stage, you will be asked to complete a short, pre-recorded video interview with Inspire People or provide written answers to questions. These applications will then be sifted by DIT hiring managers. Initial sifting will take place the week commencing 26th September, with CV submissions to DIT on the 30th September. Interviews will take place the week commencing 10th October. Please note that these dates are indicative and may be subject to change. At the interview stage for this role, we will assess your technical/specialist experience, outlined in the above role description, testing your ability through relevant assessments/presentations and ask you questions around Behaviours and Technical skills, which are part of the Civil Service Success Profiles . The technical element within the interview, where you will be asked a series of questions to demonstrate your specific professional skills and knowledge related directly to the job role and context, will assess against these Technical Skills: Intrusion detection and analysis Threat intelligence and assessment Incident management, investigation, and response Information risk assessment and risk management Applied security capability Query language expertise You will also be assessed against the Behaviours of: Developing Self and Others Changing and Improving Delivering at Pace Offer Stage Appointments may be made to candidates in merit order based on location preferences. The salary we will offer is determined using interview performance. Scores at interview translate to proficiency levels and an associated salary. Once a successful candidate has a proficiency level and is part of the capability framework, they will be given opportunities to self-assess to progress through the pay scale within their grade during their time at DIT. For further explanation of proficiency levels and more information about DDaT click here. The Department for International Trade embraces and values diversity in all forms. We welcome and pride ourselves on the positive impact diversity has on the work we do, and we promote equality of opportunity throughout the organisation. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria. Candidates who pass the bar at interview but are not the highest scoring will be held on a 12-month reserve list for future appointments. Candidates who are judged to be a near miss at interview may be offered a post at the grade below the one advertised. If successful and transferring from another Government Department a criminal record check may be carried out. The Department for International Trade embraces and values diversity in all forms. We welcome and pride ourselves on the positive impact diversity has on the work we do, and we promote equality of opportunity throughout the organisation. Harmonised terms and conditions are attached. Please take time to read the document to determine how these may affect you. Please note the successful candidate will be expected to remain in post for a minimum of 18 months before being released for another role. Any move to the Department for International Trade from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax Free Childcare. Determine your eligibility at New entrants are expected to join on the minimum of the pay band. Reasonable adjustment If a person with disabilities is put at a substantial disadvantage compared to a non-disabled person, we have a duty to make reasonable changes to our processes. If you need a change to be made so that you can make your application, you should contact the DDaT Recruitment team before the closing date to discuss your needs. Our recruitment process is underpinned by the principle of appointment on the basis of fair and open competition and appointment on merit, as outlined in the Civil Service Commissioners Recruitment Principles. If you feel your application has not been treated in accordance with these principles and you wish to make a complaint, you should in the first instance contact DIT by email: ..... click apply for full job details