The Senior Information Security Engineer is responsible for developing and implementing security solutions to protect the organization's IT infrastructure, data and systems. The ideal candidate will have a strong understanding of cybersecurity best practices and a proven track record of success in implementing and managing security solutions. The Senior Information Security Engineer will manage SIEM content and monitor and detect cyber security threats and incidents. The ideal candidate is highly motivated, intellectually curious and analytical. The role requires a blend of cybersecurity experience and highly developed communication skills. The purpose of this role is to enhance security monitoring tooling, detections and incident response capabilities using SIEM solutions to provide a single view of the environment.
Responsibilities
- Develop and implement security strategies and plans
- Manage and maintain security infrastructure
- Conduct security risk assessments and audits
- Investigate and respond to security incidents
- Train and educate employees on security best practices
- Stay up to date on the latest security threats and trends
- Work closely with the Engineering, Application Support, Cloud Support and various Business Teams to improve existing security monitoring and deliver resilient and comprehensive security solutions
- Onboard data to the required standards; maintain and tune log sources, data contents and use cases
- Provide evidence of compliance for our audited environments (including PCI DSS, ISO 27001, ISAE 3000, etc.)
- Define how logs should be parsed and ingested for best practice
- Engage with other teams to ensure that the SIEM is performing to standard with all necessary logging sources monitored
- Analyse design and deliver solutions to detect and stop adversaries
- Propose additional Security Monitoring Use Cases
- Define thresholds and baselines to aggregate similar events then write correlation rules
- Ensure SIEM technologies are integrated and utilized to protect cyber-related assets
- Support the operation of the comprehensive SIEM platform
- Analyse SOC alert statistics and workflows to reduce false positives and increase fidelity.
- Manage and improve SIEM infrastructure to improve detection flexibility and reliability.
- Build pipelines to enrich logs and alert results to provide a comprehensive view for SOC analysts.
- Research new security technologies
- Support relationships with 3rd party vendors to enhance monitoring
- Contribute to requirements for other security (and allied) technologies such as Endpoint/Network Detection & Response, Intrusion Detection/Prevention, Web Proxies, etc.
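The threshold, baseline and correlation-rule work described above, and the false-positive reduction and log enrichment that go with it, can be shown in a few lines of detection logic. The following is an added example written for this page, not code from the posting or from any SIEM product. It assumes authentication events are already parsed into (minute, source_ip, username, outcome) tuples; the events and the asset inventory are constructed for the example. A per-source baseline (mean plus k standard deviations of historical failures per minute, with a floor) is learned over a training window, the detection minute is compared against it, similar events are aggregated per source, and each alert is enriched from the inventory before it reaches an analyst.

```python
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed sample events, not taken from any real system:
# (minute, source_ip, username, outcome)
SAMPLE_EVENTS = []
# 10.0.0.5 is a noisy internal host that always produces several failures a minute
for minute, n in enumerate([6, 8, 7, 9, 6, 8, 7, 9, 6, 8, 9]):
    SAMPLE_EVENTS += [(minute, "10.0.0.5", "svc_build", "FAIL")] * n
# 203.0.113.7 is silent until minute 10, then fails once against twelve accounts
SAMPLE_EVENTS += [(10, "203.0.113.7", f"user{i:02d}", "FAIL") for i in range(12)]
SAMPLE_EVENTS += [(10, "203.0.113.7", "user00", "SUCCESS")]

# Constructed enrichment source (hypothetical asset inventory)
ASSET_INVENTORY = {
    "10.0.0.5": "build-runner; service account retries are expected",
}


def failures_per_minute(events):
    """Aggregate similar events: failed logons per source IP, per minute bucket."""
    counts = defaultdict(Counter)
    for minute, src, _user, outcome in events:
        if outcome == "FAIL":
            counts[src][minute] += 1
    return counts


def threshold_for(history, k=3.0, floor=5):
    """Per-source threshold: mean + k*stdev of historical per-minute failures.

    The floor stops a quiet source from alerting on one or two stray failures,
    and sources with too little history fall back to the floor alone.
    """
    if len(history) < 2:
        return float(floor)
    return max(float(floor), mean(history) + k * pstdev(history))


def correlate(events, learn_minutes, detect_minute, k=3.0, floor=5):
    """Correlation rule: alert when a source's failures in detect_minute exceed
    its own baseline learned over learn_minutes. Alerts carry the aggregated
    context (distinct targeted users) and inventory enrichment."""
    counts = failures_per_minute(events)
    alerts = []
    for src, per_minute in counts.items():
        # Minutes with no failures must count as zero or the baseline is inflated
        history = [per_minute.get(m, 0) for m in learn_minutes]
        threshold = threshold_for(history, k, floor)
        observed = per_minute.get(detect_minute, 0)
        if observed <= threshold:
            continue
        targets = sorted({u for m, s, u, o in events
                          if s == src and m == detect_minute and o == "FAIL"})
        alerts.append({
            "src": src,
            "minute": detect_minute,
            "failures": observed,
            "threshold": round(threshold, 2),
            "distinct_users": len(targets),
            "asset": ASSET_INVENTORY.get(src, "unknown/external"),
        })
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS, range(10), 10):
        print(alert)
```

Run as-is, the noisy internal host produces nine failures in minute 10, more than the floor, but stays under its learned threshold of roughly 10.7 and is suppressed; the external address has no history, so the floor applies and its twelve failures across twelve accounts raise a single enriched alert rather than twelve. Raising `k` or the floor trades sensitivity for fewer alerts, which is the tuning loop the SOC statistics drive.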
Requirements
- Bachelor's degree in computer science, information security or a related field
- 5 years of experience in cybersecurity
- Strong understanding of cybersecurity best practices
- Proven track record of success in implementing and managing security solutions
- Excellent communication and interpersonal skills
- Ability to work independently and as part of a team
- Senior-level experience within a logging and monitoring function, with functional knowledge of a Security Operations Centre, preferably within a regulated Financial Services business
- Familiar with different log onboarding techniques in Splunk, including Syslog, HTTP Event Collector, Universal Forwarder, DB Connect and API queries
- Has the ability to write SPL and use and populate data models
- Previous experience in an audited environment complying with common regulation standards
- Experience with other common Security Monitoring Technologies
- Knowledge of global security and reporting standards such as NIST and MITRE
- Common cloud-based platform technology experience is beneficial
- Delivery mindset supported by the ability to execute in a complex technical environment
- Experience collaborating cross-functionally to identify and implement best practice security logging and monitoring processes
- Strong interpersonal skills including good communication with the ability to articulate ideas in a precise and concise manner
- CISSP, GIAC certifications or equivalent
- Familiarity with Indicators of Compromise (IoCs), Indicators of Attack (IoAs), MITRE ATT&CK, and adversary Tactics, Techniques and Procedures (TTPs)
- The ideal candidate is a technically inclined and experienced security specialist who enjoys working in a fast-paced, collaborative team environment
- Flexible to provide on-call support 24/7 in the future if required
Benefits
Very attractive