Job Title: Senior Security Operations Analyst
IG’s Security Operations team (SOC) is responsible for managing security-related events within IG. The goals of the team are to ensure that security incidents adversely affecting the business are quickly diagnosed, workarounds are determined, proper root cause analysis is performed, and actions are taken to prevent the issue from recurring.
The Security Operations function is a vital piece of the organisation ensuring company information and systems are protected from unauthorized access, disruption, modification or destruction. This is accomplished using various operational security controls, processes and policies.
Core functions include:
- Drive the creation and refinement of security monitoring rules, techniques and processes.
- Proactively hunt for evidence of threats or compromise using all available tools.
Incident Management
- Investigate and resolve escalated security incidents both independently and leading a team of SOC colleagues.
- Ensure the defined playbooks are followed correctly, and accurate logs are made of all actions during incident response.
- Support and mentor colleagues with best-practice incident management techniques and behaviors.
- Perform root cause analysis, recommend process improvements, and write final post-incident reports.
Project Delivery
Take part in the team’s project delivery initiative, rotating between the following roles on a 1-3 monthly schedule:
- Vulnerability Management – maintain regular scans, interpret results, identify asset owners, track remediation activities and report on the agreed SLAs.
- Security Controls Administration – maintain availability and functionality of all security controls; implement new and advanced features where available; write technical documentation and manage changes.
- SIEM Maintenance & Content – maintain availability of the underlying infrastructure, develop new alerts, field parsers, models and automated playbooks, and integrate new log sources where appropriate.
- Threat Intelligence & Threat Hunting – provide, develop and integrate external threat intelligence data into the team’s detection capabilities; perform proactive threat hunts based on working hypotheses, and implement subsequent SIEM alerts where required.
- Purple Team & Scenario Exercises – regularly test the team’s detection capabilities, develop scenario-based training, and organise purple team exercises, both in house and with third-party providers.
- Insider Threat – maintain and develop the Data Loss Prevention policies in line with the company’s data classification requirements, and implement exceptions for business-approved procedures where required. Improve the detection and response capabilities of the remaining security controls with a focus on insider threat.
- Escalation Analyst – support analysts during incident response and take the lead in more complex investigations; validate true positive security incidents, ensuring all playbook actions have been completed reliably with an incident timeline populated, and provide training sessions for other analysts.
Reporting & Documentation
- Assist with the preparation of regular reports and the collection of defined metrics.
- Take an active role in the creation and continual improvement of SOC process and procedures documentation, as well as the refinement of manual and automated workflows and playbooks.
Other
- Lead the training and development of other SOC team members, sharing knowledge and demonstrating best-practices by example.
- Lead internal projects to improve the effective operation of the SOC, such as contrasting competing tools or technologies, re-designing existing security controls and assessing the impact of changes to IG’s IT environment.
- Take an active role in external projects as the security SME, ensuring that operational security issues are considered and implemented appropriately.
Essential Skills and Attributes:
This is an experienced role, and therefore candidates are expected to convincingly satisfy most of the listed requirements. Successful candidates will demonstrate an independent and self-motivated approach to continuing the development of their skills and knowledge.
- 3 - 10 years of experience in operational IT or security roles is required.
  - At least 2 years of SOC or security experience is required.
- Deep familiarity with one or more SIEM tools is required.
- A good knowledge of a wide variety of security products is required.
- A strong understanding of technical IT concepts is required, including:
  - Windows and Linux operating systems and system administration
  - Networking, including TCP/IP and other common protocols
  - Microsoft Active Directory
  - Command line interfaces and scripting
- Understand the role, benefits/downsides, and standard use cases of technical security products, such as firewalls, antivirus, web proxies, SIEM, IDS/IPS, DLP, and EDR.
- Familiarity with vulnerability scanning and penetration testing tools and techniques.
- Strong ability to focus and complete detailed tasks with high degree of accuracy.
- Able to communicate complex information clearly and logically, both verbally and in writing.
- Proficient with MS Office for general collaboration, communication and reporting.
Desirable Skills:
- Experience with network forensic tools, such as network sniffers and protocol analysers.
- Practical experience with penetration testing tools and techniques.
- Hands-on experience with the administration of cloud environments (especially AWS and Azure).
- Experience of working in a multi-national organisation.
- Experience of working in the finance or technology sectors.
- Interest in financial products, trading, or investments.
Qualifications:
A university degree in one of the following fields is preferred (but not required):
- Cyber / Information Security, Digital Forensics, Ethical Hacking
- Computer Science, Software Development, Network Engineering
- Mathematics, Physics and other STEM subjects
Other desirable certifications include:
- CISSP
- CEH, CREST, OSCP
- Security+, Network+, CySA+
- Vendor certifications for Microsoft, Linux, cloud, networking or security products
Hours:
The role is normal UK office hours. The successful candidate may be expected to work overtime in response to occasional major incidents. This is compensated with time in lieu.
Number of openings: 1