The Global Cybersecurity & Information Security (GCIS) department is a part of the Global Technology department. The Technology function provides IT services to the Fidelity International business, globally. These include the development and support of business applications that underpin our revenue, operational, compliance, finance, legal, marketing and customer service functions. The broader organisation incorporates the Infrastructure services that the firm relies on to operate on a day-to-day basis, including data centre, networks, proximity services, security, voice, incident management and remediation.
Global Cybersecurity & Information Security (GCIS) is responsible for:
- Cyber Security - protecting the Technology Environment from internal and external security threats
- Application Security - through secure coding practices, penetration testing, and developer training
- Centralised Access Management - working to the principles of least privilege, access appropriate to role, and Role Based Access Control
- Security Assurance & Compliance
- Vulnerability Management
- Security Engineering and Architecture
- Security Application Support
- Cyber Defence Operations
- Information Security Risk Management
Purpose of your role
The Cyber Defence Operations team has a requirement for day-to-day management of the security tools used to respond to malware and other security-related incidents. The technologies include, but are not limited to, advanced malware detection, DDoS mitigation, IPS, anti-spam, threat intelligence and logging/analytics capabilities. The ideal candidate has experience not only of using a wide range of technologies to respond to security events, but also of supporting the ongoing maintenance of the tools. In addition, the candidate will provide threat analysis on the regional and global risks facing the organisation.
- Conduct research, analysis and correlation across a wide variety of all source data sets (e.g., indications and warnings)
- Use provided tools to perform continual monitoring and analysis of system activity to identify malicious activity and configure mitigations
- Coordinate with other departments to manage and administer the updating of rules and signatures (e.g. intrusion detection/prevention systems, anti-virus and content blacklists) for specialised applications.
- Coordinate with enterprise-wide Networks teams to validate network alerts.
- Employ approved defence-in-depth principles and practices (e.g. defence-in-multiple places, layered defences and security robustness).
- Recommend computing environment vulnerability corrections.
- Identify and correct inconsistencies or complications in process.
Triage events including malicious activity and incidents of concern
- Analyse identified malicious activity to determine weaknesses exploited, exploitation methods and effects on system and information.
- Receive and analyse network alerts from various sources within the enterprise and determine possible causes of such alerts.
- Assist in determining appropriate course of action in response to identified and analysed anomalous network activity.
- Analyse network traffic to identify anomalous activity and potential threats to network resources.
- Document and escalate incidents (including the event's history, status and potential impact) for further action where they may cause ongoing or immediate impact to the environment.
- Provide timely detection, identification and alerting of possible attacks/intrusions, anomalous activity and misuse, and distinguish these incidents and events from benign activity.
- Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack.
Reporting, monitoring and support
- Identify potential conflicts with the implementation of any tools within the CDO area of responsibility (e.g. tool and signature testing and optimisation).
- Provide summary reports of security events and activity relevant to CDO. This includes external incidents, threat intelligence and analysis.
- Perform trend analysis and reporting.
- Monitor external data sources to maintain currency of the threat condition and determine which security issues may have an impact on the enterprise.
- Out-of-hours on-call support on a rotation basis.
Your skills and experience
- At least 5 years of experience working in a SOC, cyber defence or Incident Response position.
- Knowledge of, or experience working with, security tooling (SIEM, IPS, anti-malware, EDR, email security, DLP, etc.).
- Experience explaining the risk of security threats and creating mitigations.
- Experience of general IT infrastructure technologies and principles.
- Knowledge of current security threats and common exploits.
- Understanding of the underlying protocols.
- Understanding of Networking Architecture (OSI Model).
- Experience using data science or advanced analytical tools to investigate security incidents.
- Ability to automate tasks using scripting on both Windows and Linux systems.
- Concise and effective communicator confident with presenting to audiences at different levels in an organisation and with mixed levels of technical understanding.
- Excellent problem-solving and critical-thinking skills.
- Strong communication both written and verbal.
- Self-motivated, flexible and with a 'can do' attitude.
- Ability to pick up business knowledge, new technology areas and new processes/methodologies, and to apply these in day-to-day work to improve the Security organisation.
- Fluent in English.
- Undergraduate degree in a relevant technology field.
- Security accreditations such as CEH, GCIA, GCIH, GCFA, GMON, GNFA, SSCP, OSCP and CISSP are desired.
- Security vendor certifications, such as Microsoft and AWS, are preferred.