Senior Security Engineer (Proactive Threat Hunting)
Competitive salary + bonus + benefits
About the Company
The company is a diversified international food, ingredients and retail group operating in 50 countries. Whilst some companies claim to be ‘the best thing since sliced bread’, this company actually is! In the 1930s it introduced sliced bread to the UK for the first time.
Reporting to the Security Operations Manager, the SOC Analyst/SIEM Engineer will possess in-depth knowledge of network, endpoint, threat intelligence, forensics and malware reverse engineering, as well as of the functioning of specific applications and the underlying IT infrastructure. The role acts as an incident “hunter” rather than waiting for escalated incidents, and is closely involved in developing, tuning and implementing threat detection analytics.
- Monitoring and analysis of cyber security events
- Extensive experience analysing and synthesising information with other relevant data sources
- Providing guidance and mentorship to others in cyber threat analysis and operations, evaluating, interpreting, and integrating all sources of information
- Services monitored will include, but are not limited to SIEM, IDS/IPS, Firewall, Web Application Firewalls, Data Loss Prevention (DLP)
- Functional escalation point for incidents assigned by Tier 2 and acting as a referral point to determine any increased risks to the business
- Recognise potential successful and unsuccessful intrusion attempts and compromises through reviews and analyses of relevant event detail and summary information
- Conducts and/or supervises computer forensic examinations to include the collection, preservation, processing, and analysis of digital evidence
- Respond to security incidents by collecting, analysing and preserving digital evidence, and ensure that incidents are recorded and tracked in accordance with SSC Security Operations requirements.
- Responsible for leading rapidly evolving incident response as the key technical expert
- Work closely with the other teams to assess risk and provide recommendations for improving our security posture.
- Working knowledge of any of the following tools is required: Splunk, Symantec Endpoint, RSA Security Analytics, NIKSUN, Wireshark, or other information security tools.
- Conduct research on emerging security threats.
- Provides correlation and trending of cyber incident activity.
- Develops threat trend analysis reports and metrics.
- Supports tier 1 and 2 analysis, handling and response activity.
- Maintains situational awareness reports for advanced threats such as Advanced Persistent Threat (APT) and Focused Operations (FO) incidents.
- Author Standard Operating Procedures (SOPs) and training documentation when needed.
- Minimum of 5 years of IT experience with at least 4 years of information security operations or incident response experience, and familiarity with the Cyber Kill Chain
- Minimum of 4 years of professional experience in collecting, synthesising, fusing, or authoring unclassified and classified cyber threat intelligence
- Be a Subject Matter Expert in Vulnerability Assessment, Intrusion Prevention and Detection, Access Control and Authorization, Policy Enforcement, Application Security, Protocol Analysis, Firewall Management, Incident Response, Encryption, Web Filtering and Advanced Threat Protection.
- Must have at least one of the following certifications: SANS: GCWN, GSSP, GISCP; Carnegie Mellon: SEI; ISC2: CCSP, CISSP, CISSP-ISSEP, ISSAP, CSSLP, SSCP; Cisco: CCNP, CCIE Security; EC-Council: ENSA, ECSP; Microsoft: MCSE; Red Hat: RHCA, RHCE; VMware: VCA, VCP, VCAP, VCIX, VCDX; DoD 8570: IASAE 1 or 2
Knowledge & Experience
- Experience with SIEM, IDS/IPS, Firewall, Web Application Firewalls, Data Loss Prevention (DLP) and Security Event Correlation
- The ability to take lead on incident research when appropriate and be able to mentor Tier 1 and 2 Analysts.
- Self-motivated and able to work in an independent manner.
- Excellent analytical and problem-solving skills
- Experience with technical writing
- Possess an understanding of security standards and risk management
- Have excellent written and verbal communication skills
- Possess the ability to adjust and adapt to changing priorities in a dynamic environment
- Be able to multi-task and be proactive in addressing issues and requests
- Possess technical acumen and the ability to understand and interpret technical specifications
If you are interested in applying for this role, please feel free to contact Teo Rusu on 01908 886 030 or firstname.lastname@example.org.