Technical Security Consultant, Cyber Defence Operations


Job Ref:
Job Type:
£50,000 - £60,000 per annum
Consultant Name: Colin Nutton
Contact Email:
Contact Number: 020 7444 9617


Technical Security Consultant

Job Description

Title: Technical Consultant, Cyber Defence Operations

My client offers world class investment solutions and retirement expertise. As a privately owned, independent company, investment is our only business. We are driven by the needs of our clients, not by shareholders. Our vision is to deliver innovative client solutions for a better future.

Department Description

The Information Security & Technology Risk department is part of the Global Technology department. The Technology function provides IT services to the business globally. These include the development and support of the business applications that underpin the firm's revenue, operational, compliance, finance, legal, marketing and customer service functions. The broader organisation incorporates the infrastructure services that the firm relies on to operate day to day, including data centre, networks, proximity services, security, voice, incident management and remediation.

Information Security & Technology Risk (ISTR) is responsible for:

* IT Security: protecting the technology environment from internal and external security threats
* Application Security (through secure coding practices, penetration testing, and developer training)
* Centralised Access Management – working to the principles of least privilege, access appropriate to role, and Role Based Access Control
* Infrastructure Security
* Security Engineering and Architecture
* Security Application Support
* Cyber Defence Operations
* Information Security Risk Management
* Technology Risk and Audit Management
* Technology Service Continuity

Purpose of your role

The CDO has a requirement for the day-to-day management of the security tools used to respond to malware and other security-related incidents. The technologies include, but are not limited to, advanced malware detection, DDoS mitigation, IPS, anti-spam, threat intelligence and logging/analytics capabilities. The ideal candidate has experience not only of using a wide range of technologies to respond to security events, but also of supporting the ongoing maintenance of those tools.

Key Responsibilities

Security tools

* Conduct research, analysis, and correlation across a wide variety of all-source data sets (e.g., indications and warnings)
* Use provided tools to perform continual monitoring and analysis of system activity to identify malicious activity
* Coordinate with other departments to manage and administer the updating of rules and signatures (e.g. intrusion detection/prevention systems, anti-virus, and content blacklists) for specialised applications
* Coordinate with enterprise-wide Networks teams to validate network alerts
* Employ approved defence-in-depth principles and practices (e.g., defence in multiple places, layered defences, security robustness)
* Examine network topologies to understand data flows through the network
* Recommend corrections for computing environment vulnerabilities

Triage of events, including malicious activity and incidents of concern

* Analyse identified malicious activity to determine the weaknesses exploited, the exploitation methods, and the effects on systems and information
* Receive and analyse network alerts from various sources within the enterprise and determine the possible causes of such alerts
* Determine the appropriate course of action in response to identified and analysed anomalous network activity
* Determine the tactics, techniques, and procedures (TTPs) of intrusion sets
* Characterise and analyse network traffic to identify anomalous activity and potential threats to network resources
* Document and escalate incidents (including the event's history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment
* Provide timely detection, identification, and alerting of possible attacks/intrusions, anomalous activities, and misuse, and distinguish these incidents and events from benign activity
* Conduct tests of information assurance (IA) safeguards in accordance with established test plans and procedures
* Identify and analyse anomalies in network traffic using metadata
* Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack
* Validate detection alerts against network traffic using packet analysis tools
* Identify the applications and operating systems of a network device based on its network traffic
* Reconstruct a malicious attack or activity based on network traffic
* Identify network mapping and operating system fingerprinting activities

Reporting, monitoring & support

* Identify potential conflicts with the implementation of any tools within the CDO area of responsibility (e.g., tool/signature testing and optimisation)
* Develop content for CDO tools
* Provide summary reports of network events and activity relevant to the CDO
* Perform trend analysis and reporting
* Monitor external data sources (e.g. vendor sites, Computer Emergency Response Teams, SANS, open source and private feeds) to maintain currency on the threat condition and determine which security issues may have an impact on the enterprise
* Support weekly reporting activities on a rotational basis for the CDO function

Experience and Qualifications Required

The ideal candidate will have relevant and recent hands-on experience of operating within a Cyber Defence Operations group (also known as a SOC, or Security Operations Centre). Some experience of writing Snort and YARA rules and working with Splunk or similar toolsets is desirable.

* Proven track record of relevant IT Security experience
* At least 5 years' experience working in an IT Security function
* Security certifications preferred (CISSP, CISM)
* Additional qualifications such as SANS beneficial
* Proven experience of general technology infrastructure technologies and principles
* Working knowledge of cyber-attack techniques, the cyber kill chain, and effective compensating mitigation and detection controls
* Knowledge and understanding of current security threats and common exploits
* Knowledge and experience of working with PCI, the ISO 27000 standards, and ITIL
* Understanding of the underlying protocols and data used as the basis for the security monitoring service, including HTTP, HTTPS, SQL, TCP/IP and Active Directory
* Knowledge and experience of working with the security tools used to monitor business environments (SIEM, NetFlow, IDS/IPS, vulnerability management, advanced malware detection, anti-virus, etc.)

To apply for this position, please email your CV to today.

E-Synergy Solutions Limited is acting as an Employment Agency in relation to this vacancy.