You will provide technical security expertise in response to security incidents on a 24x7 basis. You'll work in conjunction with the SOC service provider to provide Level 3 security event monitoring across the business. You shall manage the SOC service provider and any third party specialists to support the investigation, documentation and reporting of information security incidents in a timely manner, and lead the Root Cause Analysis activities.
- Provide technical security expertise in response to security incidents occurring within the business on a 24x7 basis. Work in conjunction with the SOC service provider to provide Level 3 security event monitoring across the organisation (e.g. collating security events gathered across sources, triaging events and managing security events as required to help ensure these are responded to in a timely and effective manner).
- Configure security tools to design and implement use cases to ensure there is a mature level of detection and response.
- Provide a Level 3 response (inputting technical and business expertise) for various security events and incidents such as intrusion, malware infections, network breaches and denial of service attacks to help ensure these are managed in a timely and effective manner.
- Manage the SOC service provider and any third party specialists to support the investigation, documentation and reporting of information security incidents in a timely manner, and lead the Root Cause Analysis activities.
- Provide technical expertise to the SOC service provider and all business areas to ensure an effective threat-led detection capability is maintained. Drive continuous improvement of the service (e.g. via ongoing use case development) to ensure security operations addresses the evolving threat and business landscapes.
- Support the Infrastructure Security Manager in executing and managing key infrastructure security activities (e.g. infrastructure vulnerability assessment, network security and malware protection) and technology products (e.g. malware prevention, NAC, DLP), to help ensure a coordinated approach across all security areas.
- Assist in any required management information creation and collation such as dashboards for leadership and application owners to help ensure that risk events and changes in trends are easily detected and reported on.
- Ensure alignment to the organisation's Customer Experience and Treating Customers Fairly (TCF) policy.
- At least two years' experience of working in a Security Operations Centre or Incident Response is essential.
- A working knowledge of tools used in detection and response such as EDR, Network Monitoring, IDS/IPS, Firewalls and DLP.
- An understanding of threat intelligence and how it can be used within Security Operations to build mature detection and response.
- An awareness of new and emerging threats with an ability to build in detection capability around this knowledge.
- Basic understanding of crisis management planning methodologies.
- Ability to work independently and manage incidents with the minimum of guidance.
- Understanding of event management solutions, automation and orchestration platforms.
- Experience of working with and detecting and responding to threats within Cloud environments.
- Experience of mentoring and guiding junior members of staff.
- Proven experience in building new use cases based on threat intelligence, emerging threats or TTPs.