Managed Service Provider IT support experience would be preferred for this role. The Second Line Engineer role is characterised by diversity and complexity, encompassing elements of 1st, 2nd and 3rd Line support. The position develops a seasoned and reliable professional with strong teamwork skills who sets an example for newcomers to the Service Desk team. As a senior role it is a starting point for a number of career paths, including, but not limited to, advanced 3rd Line support, specialised skill development, consulting, sales or management.

Primary Role Responsibilities
- Technical ability to resolve issues and requests through the Freshservice portal and support 1st and 2nd Line engineers and infrastructure
- Leadership skills, including the capacity to encourage junior peers and set a leading example
- Document handling skills in writing procedures and work instructions
- Assisting in Problem Management
- Incident Management

Overview of Tasks and Responsibilities:
- Provide supporting reports to stakeholders and staff as and when required
- Provide guidance, mentorship and training to junior IT support engineers to enhance their technical skills and promote professional growth
- Act as an escalation point for complex technical issues and assist junior colleagues in troubleshooting and resolving them effectively
- Lead by example and demonstrate strong leadership qualities by setting high standards for teamwork, problem-solving and customer service within the 2nd Line team
- Maintain a high degree of customer service for all support queries and adhere to all service management principles and SLAs
- Arrange external technical support where problems cannot be resolved in house
- Maintain a log of any software or hardware problems detected
- Take ownership of user problems and be proactive when dealing with user issues
- Support users in the use of computer equipment as and when needed
- Maintain IT SaaS infrastructure and security systems
- Support 1st Line engineers when they need to escalate a request or incident
- Allocate more complex service issues to the 3rd Line IT Infrastructure Engineers
- Knowledge of monitoring and maintaining Endpoint Detection and Response (EDR) platforms (for example Bitdefender, Carbon Black, SentinelOne, CrowdStrike)
- Act as the customer service point of contact between 3rd Line and the client; respond to enquiries from clients and help them resolve any hardware or software problems

Skills & Experience
- Must have worked in a customer-facing IT support role for 2+ years
- Familiar with ticketing systems, logging, and remote management and monitoring (RMM) processes
- Excellent customer service skills
- Deep working knowledge of the Microsoft stack at administrator level, including Windows Server and the Microsoft 365 admin centres (Microsoft Entra ID, formerly Azure AD; Office 365; Compliance; Exchange; etc.). Exposure to Azure Virtual Desktop is desirable.
- Highly technical around networking (TCP/IP, DNS, DHCP, etc.), voice and data communications
- Strong leadership abilities, including the ability to motivate and inspire junior colleagues, delegate tasks effectively and lead by example
- Excellent problem-solving skills and the ability to think critically to resolve technical issues and implement process improvements
- Project management skills, including planning, execution and monitoring, to manage IT projects effectively
- Ability to address and resolve conflicts within the team, ensuring a harmonious and productive work environment
- Ability to identify areas for process improvement within the 2nd Line team and implement enhancements that increase efficiency and service quality
- ITIL process aware and able to create and maintain operational support documentation

In addition, any of the following would be advantageous:
- Previous experience working for an IT managed services provider (MSP)
- Microsoft
- Google Workspace
- ITIL 4 Foundation certification
Dec 06, 2024
Full time
Senior Infrastructure Engineer
St Albans - Hybrid, 1 day on site - Up to £60,000

VIQU are partnering with a leading data security company seeking a Senior Infrastructure Engineer to join their expanding team. The Senior Infrastructure Engineer will oversee the daily operations of multiple data centres, ensure strict adherence to network security protocols, and respond urgently to any critical incidents.

Key Responsibilities of the Senior Infrastructure Engineer:
- Lead Infrastructure Team: Manage and mentor a team of infrastructure engineers, overseeing the daily operations and maintenance of multiple data centres within a managed service provider (MSP) environment.
- Network and Security Management: Maintain and upgrade network infrastructure, firewalls and security systems, ensuring robust protection against threats with intrusion detection and prevention measures.
- Incident Response: Respond quickly to urgent incidents, conduct root cause analysis, and implement corrective actions to prevent recurrence, minimising disruption to operations.
- Ensure Compliance: Ensure all infrastructure operations and security measures comply with industry standards and regulatory requirements.

Experience needed for the Senior Infrastructure Engineer:
- Leadership and Technical Management: Proven experience in managing and overseeing the performance of technical engineers, with a strong focus on managing technologies and infrastructure environments and driving collaboration and performance across multiple projects.
- Problem Solving and Communication Skills: Strong problem-solving abilities with keen attention to detail, alongside excellent communication skills to manage incidents, lead teams and interact with stakeholders effectively.
- Network and Security Management Expertise: Proven experience in managing network security within a data centre environment, including expertise in firewall technologies such as Sophos or Barracuda.
- Data Centre Operations Knowledge: Strong understanding of data centre operations, including managing operating systems, hypervisors and storage solutions to ensure optimal performance and reliability.

To discuss this opportunity in more detail, please APPLY NOW for a no-obligation chat with your VIQU Consultant. Alternatively, contact Danielle Green by sending your updated CV to (url removed). If you know someone who would be ideal for this role, VIQU is offering an introduction fee of up to £1,000 once your referral has successfully started work with our client (terms apply).
Dec 04, 2024
Full time
Acronis is revolutionizing cyber protection, providing natively integrated, all-in-one solutions that monitor, control and protect the data that businesses and lives depend on. We are looking for a Senior Product Manager to join our mission to create a future and protect all data, applications and systems across any environment. The ideal candidate for this position is a professional with a strong passion for technology and innovation who can guide products from inception to launch, specifically in the cybersecurity space. You will collaborate with forward-thinking engineers and engaged customers to ensure we have the most competitive and relevant cybersecurity solutions for service providers and enterprise customers.

WHAT YOU'LL DO
- Support Product Strategy Development: Assist in formulating and refining the product vision and strategy for cybersecurity products. Collaborate closely with senior product leaders to align these strategies with broader business objectives while adapting to market demands and technological trends.
- Feature Planning and Execution: Aid in the definition and prioritization of product features and enhancements based on customer insights, competitive analysis and technological advancements. Coordinate with the engineering and design teams to ensure timely and quality execution of the product roadmap.
- Collaborate with Cross-functional Teams: Work alongside engineering, marketing, sales and customer support teams to facilitate the development and launch of product initiatives. Ensure seamless communication and coordination across teams to maintain project timelines and achieve collective goals.
- Market and Competitor Analysis: Continuously monitor and analyze cybersecurity trends, competitor strategies and industry standards to inform product development decisions. Use this knowledge to contribute to product differentiation and positioning.
- Performance Metrics and Reporting: Use data analytics to track product performance against defined metrics and KPIs. Prepare and present regular reports on product status, challenges and achievements to senior management and relevant stakeholders, ensuring that insights inform future product iterations.
- Develop and Refine Product Requirements: Create high-level product requirements based on the strategic vision and market needs. Decompose these into detailed, actionable technical specifications and user stories for development teams. Collaborate with stakeholders to ensure requirements are comprehensive and accurately reflect business objectives and user expectations.
- Stakeholder Communication: Maintain effective communication channels with both internal and external stakeholders. Translate complex technical details into clear, actionable information to support decision-making and ensure alignment with the product's strategic goals.

WHAT YOU BRING
- 3+ years of experience developing and managing product requirements for cybersecurity products and services in a cloud provider environment.
- Cybersecurity project and program management experience; experience with and/or knowledge of Endpoint Detection and Response (EDR) and Endpoint Protection Platform (EPP) products is a must.
- Proficiency in communicating with multiple stakeholders, business and technical, internal and external, to clarify and shape technical requirements.
- Proficiency in decomposing requirements into work items, e.g. stories.
- Experience working with Jira, Confluence or similar tools.
- Experience analyzing, modeling and describing business processes and customer journey maps.
- Ability to provide constructive feedback when validating that delivered work matches requirements during demonstrations.
- Understanding of the software development lifecycle and experience with the Agile software development process.
- Data-driven mindset with basic statistical analysis skills.
- Working proficiency in English, both written and verbal. Please submit your resume and application in English.
Dec 01, 2024
Full time
SOC Security Engineer
Salary - 70,000 + 10% Bonus & Benefits
Location - London / Reading (Hybrid - 2/3 days in office per week)

Currently working with the most technologically advanced telco firm in Europe, who are hiring a Senior SOC Engineer to enhance their cyber detection, response and investigation capability. Working in the Cyber Defence function, you will be responsible for continuously enhancing and fine-tuning the cyber detection, monitoring and response tooling, ensuring it keeps pace with the ever-evolving threat landscape and is mapped against the MITRE ATT&CK framework and the cyber kill chain. Knowledge of the telco landscape and its associated threats (DLL sideloading, LOLBins, SIM swapping, IMSI, Global Titles, 4G infrastructure, etc.) will be essential. This is a genuine opportunity to shape how security is built within one of the most exciting tech giants, with one of the largest digital footprints worldwide, where you will have exposure to an unprecedented volume of attacks from some of the most sophisticated (nation-state sponsored) threat actors.

Key Responsibilities
- Design, build and deploy security tooling to monitor, detect and respond to security events within a complex technical environment.
- Lead the response to and investigation of cyber incidents, continuously building out the playbooks and streamlining the process.
- Work with wider development teams to ensure security is incorporated throughout the entire SDLC.
- Ensure protection against telco industry-specific threats (DLL sideloading, LOLBins, SIM swapping, IMSI, Global Titles, 4G infrastructure, etc.).

Key Requirements
- 4+ years' experience working in an advanced security engineering capacity, developing and deploying cyber monitoring and detection tooling.
- 4+ years' experience with the Microsoft stack, including Azure, Sentinel and KQL.
- Knowledge of telco-related threats (DLL sideloading, LOLBins, SIM swapping, IMSI, Global Titles, 4G infrastructure, etc.).

If you're an experienced security engineer with experience of working in a fast-paced, innovative environment, looking to join a truly elite organisation and get your hands dirty in a complex but highly advanced technical environment, click apply or get in touch directly. Lawrence Harvey is acting as an Employment Business in regard to this position. Visit our website and follow us on Twitter for all live vacancies (lawharveyjobs).
Nov 29, 2024
Full time
Forter is looking for a Senior SOC Engineer to enhance our security operations and ensure robust protection against sophisticated threats. This role is crucial to maintaining our Security Operations as a high-performing and resilient hub that can quickly adapt to emerging security challenges in the fintech industry. You will take the lead in refining our SOC capabilities by monitoring network traffic, analyzing security incidents, managing security tools, automating processes and providing expertise to SOC analysts, without direct management responsibilities. The Senior SOC Engineer collaborates with cross-functional teams to build defenses, respond to incidents and design strategies for a robust cybersecurity posture.

Why should you join us?
At Forter, you'll play a critical role in defending against sophisticated threats in a high-stakes fintech environment. As a Senior SOC Engineer, you will:
- Shape the Future of Security: Lead initiatives to enhance our SOC capabilities, using cutting-edge technologies and automation tools to protect against advanced threats in real time.
- Make an Outsized Impact: Your work will directly influence Forter's ability to safeguard millions of transactions for major clients like Nordstrom, Priceline and ASOS, enhancing customer trust and revenue growth.
- Work with a Talented Team: Collaborate with industry-leading experts in cloud security, fraud prevention and data analytics. Forter is driven by a culture of excellence, continuous learning and innovation.
- Access to Leading-Edge Tools: You will have the freedom to experiment with the latest SIEM, SOAR, EDR and cloud-native security technologies, empowering you to stay at the forefront of cybersecurity practice.
This is more than just a job; it's an opportunity to grow your expertise in a dynamic, supportive environment while making a tangible impact on the digital commerce industry.

What you will be doing:
- Security Engineering & Automation: Oversee the deployment, configuration and tuning of SOC-related security tools to enhance detection accuracy, reduce false positives, and manage end-to-end EDR operations. Drive improvements in SOC workflows, automating enrichment processes and developing playbooks for more efficient alert handling.
- Security Monitoring & Threat Detection: Continuously monitor security alerts, events and IoCs across all platforms. You'll build and deploy queries and scripts, and create dashboards and workflows to enhance visibility and reporting.
- Proactive Threat Hunting: Develop and implement threat hunting procedures to proactively identify potential risks and vulnerabilities before they escalate.
- Cloud Security Monitoring: Analyze and manage AWS security logs through the SIEM, while also engaging directly with AWS security services and the team responsible for CSPM, for proactive defense and monitoring in the cloud environment.
- Incident Response: Enhance the IRP and coordinate with the SOC team and cross-functional teams throughout the incident response lifecycle, focusing on containment, eradication, recovery and post-incident analysis.
- Vendor Coordination: Collaborate with third-party vendors as needed for managed security services and specialized tools.
- Mentorship: Mentor junior security team members, providing guidance on incident handling and security best practices.

What you'll need:
- Experience: Minimum of 5 years in SOC or incident response roles, with hands-on experience in threat detection and mitigation.
- Technical Skills: Strong capability in threat detection, incident response and analysis of complex attack patterns, with a focus on the AWS environment. Skilled in writing SIEM queries, alerts and dashboards.
- End-to-End Investigations & Network Protocols: Extensive experience with end-to-end investigations and handling security incidents, deep knowledge of network security protocols, and familiarity with the OWASP Top 10 vulnerabilities.
- EDR Expertise: Hands-on experience managing EDR tools, including end-to-end operations from deployment and configuration to analysis and response.
- Scripting & Automation: Knowledge of scripting languages such as Python, SQL or Bash to automate SOC workflows.
- Core Skills: Strong problem-solving, organizational and analytical skills, with attention to detail and a security-first approach to translating complex issues into solutions. Excellent communication skills for effective collaboration and reporting. Continuous learning mindset with an eagerness to stay current on cybersecurity trends.

It'd be cool if you also (not a must):
- Are familiar with industry frameworks (ISO 27001, PCI-DSS, SOC 2, NIST, etc.) and regulatory requirements.
- Have one or more certifications: GCIH, GIAC, CSA, CompTIA CySA+ or other relevant certifications.

About us:
Digital commerce is built on trust. At every point along the eCommerce journey, businesses must make a critical decision: Can I trust this customer? Answering this simple question accurately and instantly is powerful; it can accelerate revenue growth and strengthen a company's connection with its customers. How do we do it? Forter was founded on the insight that it's not about what is being purchased, nor where, but who is behind the interaction. The Forter Decision Engine finds patterns across more than one billion identities in our dataset. We isolate fraudsters and protect customers, ensuring everyone gets the experience they deserve. Given that trust is central to how we operate, Forter is very much driven by a defined set of values. We attract remarkable talent and have retention and engagement levels that are well above benchmarks.

We're meticulous about strengthening our culture as we grow and ensuring this is an environment where people can have outsized impact. Trust is backed by data: Forter is a recipient of over 10 workplace and innovation awards, including Great Place to Work Certification (2021, 2022, 2023) and the Fintech Breakthrough Awards - Best Fraud Prevention Platform (2023).

Life as a Forterian:
We are a team of over 500 Forterians spread across 3 continents. Since 2013, we've raised $525 million from investors such as Tiger Global, Bessemer, Sequoia Capital, March Capital and Salesforce Ventures. We're on a mission to bring trust to global digital commerce so that companies like Nordstrom, Priceline, Instacart and ASOS can block fraud, drive revenue and improve customer experience. At Forter, we believe unique people create unique ideas, and valuable experience comes in many forms. So, even if your background doesn't match everything we have listed in the job description, we still encourage you to apply and tell us why your skills and values could be an asset to us. By welcoming different perspectives, we grow together as humans and as a company. Forter is an Equal Employment Opportunity employer that will consider all qualified applicants, regardless of race, color, religion, gender, sexual orientation, marital status, gender identity or expression, national origin, genetics, age, disability status, protected veteran status, or any other characteristic protected by applicable law. If you need assistance or an accommodation due to a disability, please email us at . This information will be treated as confidential and used only for the purpose of determining an appropriate accommodation for the interview process.
Nov 27, 2024
Full time
Forter is looking for a Senior SOC Engineer to enhance our security operations and ensure robust protection against sophisticated threats. This role is crucial for maintaining our Security Operations as a high-performing and resilient hub that can quickly adapt to emerging security challenges in the fintech industry. You will take the lead in refining our SOC capabilities by monitoring network traffic, analyzing security incidents, managing security tools, automating processes, and providing expertise to SOC analysts, without having direct management responsibilities. The Senior SOC Engineer collaborates with cross-functional teams to build defenses, respond to incidents, and design strategies for robust cybersecurity posture. Why should you join us? At Forter, you'll play a critical role in defending against sophisticated threats in a high-stakes fintech environment. As a Senior SOC Engineer, you will: Shape the Future of Security : Lead initiatives to enhance our SOC capabilities, using cutting-edge technologies and automation tools to protect against advanced threats in real-time. Make an Outsized Impact : Your work will directly influence Forter's ability to safeguard millions of transactions for major clients like Nordstrom, Priceline, and ASOS, enhancing customer trust and revenue growth. Work with a Talented Team : Collaborate with industry-leading experts in cloud security, fraud prevention, and data analytics. Forter is driven by a culture of excellence, continuous learning, and innovation. Access to Leading-Edge Tools : You will have the freedom to experiment with the latest SIEM, SOAR, EDR, and cloud-native security technologies, empowering you to stay at the forefront of cybersecurity practices. This is more than just a job; it's an opportunity to grow your expertise in a dynamic, supportive environment while making a tangible impact on the digital commerce industry. 
What you will be doing: Security Engineering & Automation : Oversee the deployment, configuration, and tuning of SOC related security tools to enhance detection accuracy, reduce false positives, and manage end-to-end EDR operations. Drive improvements in SOC workflows, automating enrichment processes, and developing playbooks for more efficient alert handling. Security Monitoring & Threat Detection : Continuously monitor security alerts, events, and IoCs across all platforms. You'll build and deploy queries and scripts, and create dashboards and workflows to enhance visibility and reporting. Proactive Threat Hunting : Develop and implement threat hunting procedures to proactively identify potential risks and vulnerabilities before they escalate. Cloud Security Monitoring : Analyze and manage AWS security logs through the SIEM, while also engaging directly with AWS security services and CSPM responsible team for proactive defense and monitoring in the cloud environment. Incident Response : Enhance the IRP and coordinate with the SOC team and cross-functional teams during the incident response lifecycle, focusing on containment, eradication, recovery, and post-incident analysis. Vendor Coordination : Collaborate with third-party vendors as needed for managed security services and specialized tools. Mentorship : Mentor junior security team members, providing guidance on incident handling and security best practices. What you'll need? Experience : Minimum of 5+ years in SOC or incident response roles, with hands-on experience in threat detection and mitigation. Technical Skills : Strong capability in threat detection, incident response, and analysis of complex attack patterns, with a focus on the AWS environment. Skilled in writing SIEM queries, alerts, and dashboards. 
End-to-End Investigations & Network Protocols : Extensive experience with end-to-end investigations, handling security incidents, and deep knowledge of security network protocols, along with familiarity with the OWASP Top 10 vulnerabilities. EDR Expertise : Hands-on experience managing EDR tools, including end-to-end operations from deployment and configuration to analysis and response. Scripting & Automation : Knowledge of scripting languages such as Python, SQL, or Bash to automate SOC workflows. Core Skills : Strong problem-solving, organizational, and analytical skills, with attention to detail and a security-first approach to translating complex issues into solutions. Excellent communication skills for effective collaboration and reporting. Continuous learning mindset with an eagerness to stay updated on cybersecurity trends. It'd be cool if you also: NOT A MUST Familiar with industry frameworks (ISO 27001, PCI-DSS, SOC2, NIST, etc.) and regulatory requirements. Have one or more certifications: GCIH, GIAC, CSA, CompTIA CySA+, or other relevant certifications. About us: Digital commerce is built on trust. At every point along the eCommerce journey, businesses must make a critical decision: Can I trust this customer? Answering this simple question accurately and instantly is powerful: it can accelerate revenue growth and strengthen a company's connection with its customers. How do we do it? Forter was founded on the insight that it's not about what is being purchased, nor where, but who is behind the interaction. The Forter Decision Engine finds patterns across more than one billion identities in our dataset. We isolate fraudsters and protect customers, ensuring everyone gets the experience they deserve. Given that trust is central to how we operate, Forter is very much driven by a defined set of values. We attract remarkable talent and have retention and engagement levels that are well above benchmarks.
We're meticulous about strengthening our culture as we grow and ensuring this is an environment where people can have outsized impact. Trust is backed by data - Forter is a recipient of over 10 workplace and innovation awards, including: Great Place to Work Certification (2021, 2022, 2023) Fintech Breakthrough Awards - Best Fraud Prevention Platform (2023) Life as a Forterian: We are a team of over 500 Forterians spread across 3 different continents. Since 2013, we've raised $525 million from investors such as Tiger Global, Bessemer, Sequoia Capital, March Capital and Salesforce Ventures. We're on a mission to bring trust to global digital commerce so that companies like Nordstrom, Priceline, Instacart and ASOS can block fraud, drive revenue and improve customer experience. At Forter, we believe unique people create unique ideas, and valuable experience comes in many forms. So, even if your background doesn't match everything we have listed in the job description, we still encourage you to apply and tell us why your skills and values could be an asset to us. By welcoming different perspectives, we grow together as humans and as a company. Forter is an Equal Employment Opportunity employer that will consider all qualified applicants, regardless of race, color, religion, gender, sexual orientation, marital status, gender identity or expression, national origin, genetics, age, disability status, protected veteran status, or any other characteristic protected by applicable law. If you need assistance or an accommodation due to a disability, please email us at . This information will be treated as confidential and used only for the purpose of determining an appropriate accommodation for the interview process.
Role OVO-View Location: Bristol, London, Glasgow or Remote! (You have the flexibility to work wherever suits you best) Team: Information Security Salary banding: £71,240 - £111,130 Experience: Expert Working pattern: Full-Time Reporting to: Head of Information Security Sponsorship: Unfortunately we are unable to offer sponsorship for this role. This role in 3 words: Creator, Challenger, Coach Top 3 qualities for this role: Problem-solver, Curious, Collaborative In the words of the team, you should leave your current role for this one because . "You'll manage the team that drives and enables security by default and design across OVOTech. This includes selecting and implementing coaching, workflows and tooling to model threats, identify security risks and embed and document verification of build and runtime security. The solutions that security engineering build and operate power the reduction of downside risk thereby enhancing the opportunities for technology to enable Plan Zero." Everyone belongs at OVO At OVO, we are on a mission to solve one of humanity's biggest challenges, the climate crisis. And we know it takes all of us to change the world. That's why we need diverse people from all abilities, gender identities, ethnicities, ages, sexual orientations, life experiences and backgrounds to join us. Teamworking for the planet Everything we do here spins around Plan Zero. So, naturally, the team you'll be joining plays a gigantic role in making that happen. Here's how: We're hiring creators, challengers and coaches. Every role we're hiring puts people at the heart of our information security strategy and uses technology and operational processes to build a resilient and performant business. The Path to Zero is paved with well-informed risk and reward decisions! 
This role in a nutshell: The security engineering team collaborates with OVO's Engineering teams to secure the design and configuration of OVO applications, infrastructure and secure access to OVO's resources. As a Senior Security Engineering Manager you'll pioneer an innovative and inclusive culture, inspire with compelling security stories and land messages with clarity to engage those who the team work with, both within and outside the Enterprise Security and Platforms team. You'll personally excel at implementing reliable tools to prevent, mitigate or automatically remediate mis-configurations and vulnerabilities and extending operational excellence across all OVO-built and accessed applications and infrastructure. Crucially you'll serve and care for the people in security engineering creating an inclusive culture so all of our people feel they truly belong, are heard, and are open and encouraged to contribute to OVO's security mission. Your key outcomes will be: Lead the strategic design of mechanisms to incentivise and enable the security of OVO's data, applications, infrastructure and access. Collaboration with engineering teams and system administrators to develop and configure comprehensive security measures that align with OVO's goals and objectives. Provide OVOTech with a range of centrally operated security mechanisms and services, including web application firewalls, cloud and application security platforms, threat and risk assessments and penetration testing. Implementing secure coding practices to prevent common vulnerabilities in software development. Provide the cyber defense team with support during and post incidents to contain the damage, mitigate the impact, and facilitate the recovery of affected systems and data. Lead the analysis of vulnerabilities, misconfigurations, near-misses and incidents to enhance future security issue and incident handling and improve overall security posture. 
This includes identifying lessons learned, implementing necessary changes to security controls and procedures, and supporting the training and awareness programme to educate employees on security best practices. Lead and develop a highly motivated and respected team which actively participates in community events, engages in continuous learning, and collaborates with other security professionals to stay updated on emerging threats and effective security strategies. Systems. Familiarity with the following technologies and platforms would be advantageous (not a must have or exhaustive list): Cloud Native Application Protection and Cloud Security Posture Management (e.g. Wiz) GCP, AWS and Azure native security and compliance monitoring CI/CD product development pipelines and automation SaaS discovery, event monitoring and security posture management Identity and Access Management and Privileged Access Management platforms Application Security Verification Standard and related technologies Web Application Firewall and Zero Trust Solutions (e.g. Cloudflare, BeyondCorps) Security Information and Event Management (SIEM) and Security Orchestration and Automated Response (SOAR) Endpoint, Cloud and Identity Detection and Response Issue and Project Tracking (Jira) Cyber Asset and Attack Surface Management Infrastructure Vulnerability Scanning You'll be a successful Senior Security Engineering Manager at OVO if you Are a coach: you lead your engineering community and provide practical support and approaches to integrate security with OVOTech and business processes. You inspire others to develop simpler more automated approaches to embedding security by default and design. Are a challenger: you embrace failure and do not shy away from difficult conversations in order to drive security, product and engineering alignment. You are a champion for maximising the use of data and technology to enhance productivity and effective outcomes of security work. 
Are a creator: you are a hands-on engineer who understands the value of rotating between solving engineering problems and stepping back to view a longer time horizon. Switching between roadmap and sprint is something you control rather than are controlled by. Let's talk about what's in it for you We'll pay you between £71,240 - £111,130, depending on your specific skills and experience. If your expectations are a little different, have a chat with us! We keep our pay ranges broad on purpose to give us, and you, flexibility to match your experience to our zero carbon mission. You'll be eligible for an on-target bonus of 15%. We have one OVO bonus plan that focuses on the collective performance of our people to deliver our Plan Zero goal. We also offer plenty of green benefits and progressive policies to help you feel like you belong at OVO and there's flex pay. It's an extra 9% of your salary on top of your core pay to use as you like. You can take it as cash, add to your pension, or choose to spend it on a huge range of flex benefits. Here's a taster of what's on offer: For starters, you'll get 34 days of holiday (including bank holidays). 
For your health With benefits like a healthcare cash plan or private medical insurance depending on your career level, critical illness cover, life assurance, health assessments, and more For your wellbeing With gym membership, gadget, travel and cyber insurance, workplace ISA, will writing services, DNA testing, dental insurance, and more For your lifestyle With extra holiday buying, discount dining, culture cards, tech loans, and supporting your favourite charities with give-as-you-earn donations For your home Get up to £300 off any OVO Energy plan (when you pay by Direct Debit), plus personal carbon offsetting and great discounts on smart thermostats and EV chargers For your commute Nab a great deal on ultra-low emission car leasing, plus our cycle to work scheme and public transport season ticket loans Want to hear about our full range of flexible benefits and progressive people policies? Our People Team can tell you everything you need to know. For your Belonging To find better ways to support our people, we need to listen to each other's experiences and find ways to build a truly inclusive and diverse workplace. As part of this, we have 8 Belonging Networks at OVO. Led by our people, for our people - so when you join OVO, you can play a part - big or small - with any of the Networks. It's up to you. Oh, and one last thing We'd be thrilled if you tick off all our boxes, yet we also believe it's just as important we tick off all of yours. And if you think you have most of what we're looking for but not every single thing, go ahead and hit apply. We'd still love to hear from you! If you have any additional requirements, there's a space to let us know on the application form; we want to make the process as easy and comfortable for you as possible.
Feb 01, 2024
Full time
External Description Job Title: Lead SOC Analyst Location: Luton/Hybrid Salary: up to £75,000 + bonus depending on experience We are working with one of the leading airlines as they dominate their sector with Security investment and expansion. They are implementing state-of-the-art Security technologies and processes and want you to be part of it. They are not only disrupting the way people travel but also the way in which they are building their Security function. As a senior member of the Security Operations SOC function you will work within a multidisciplinary SOC focused team preparing for and responding to security incidents. Here's some of the work you will be doing: Rapid response, detection, isolation, and remediation of security incidents. Mentoring and training more junior team members Establish and maintain operational security standards, processes, procedures, and guidelines. Monitoring internal and external security threats, as well as known vulnerabilities What you need to succeed: Experience of security engineering systems and controls, including vulnerability management, web content filtering, intrusion prevention, SIEM & SOAR Experience analysing logs and creating automated log correlation using SIEM technologies Experience in integration, configuration, and automation of Security Operations tools, i.e. SIEM, SOAR, ITSM, Vulnerability Management, Knowledge Management, Collaboration, etc. If this sounds like a role you can get your teeth stuck into and make a real difference then please get in touch.
Feb 01, 2024
Full time
Director - Cyber Defense Operations DFIR The Director Cyber Defence Operations is responsible for leading a global team providing proactive threat detection and response capabilities across a vast technology environment encompassing both traditional on-premise and cutting-edge cloud native assets. The role will drive the strategic direction of the function, as well as providing hands-on expertise in predicting, preventing, detecting and responding to security threats of all types and sophistications. The Director Cyber Defence Operations will be a vocal proponent of modern approaches to autonomic security operations, driving a threat intelligence led, data driven and engineering rooted philosophy across the team and wider business. The ideal candidate will be as comfortable presenting to senior stakeholders as they are deep in the depths of a complex and multi-faceted digital forensics investigation and will thrive on coming up with exciting new solutions to a broad range of standard and cutting-edge problems and seeing them through from design to execution. The Director Cyber Defence Operations will be a role model to the team and will succeed by continually upskilling others through their experiences, mindset and capabilities. Always challenging the status quo, looking at areas for development and not being afraid to seek out and eradicate problems to ensure the security of the business. Key Responsibilities: Lead and manage a global team of specialists performing continuous threat detection and response operations including: Signals acquisition Detection engineering Attack analysis Proactive threat hunting Incident response / incident management Digital forensics / malware analysis Own, develop, maintain and exercise cyber incident response plans, processes and playbooks. Work closely with Security Engineering teams to: Recommend system tuning/configuration improvements. Leverage and oversee automation & orchestration initiatives.
Identify opportunities for application of data science techniques. Drive strategic capability development roadmap for TDR. Integration and exploitation of cyber threat intelligence in conjunction with internal CTI team and external sources. Ensure operational excellence through measurements, KPIs, reporting and continual process improvement. Evangelise forward thinking data and engineering led operational models such as: Detection-as-code Autonomic security operations DevSecOps Continuous validation/testing Cloud-native security operations. Develop and manage a personnel skill and capabilities development framework. Continuous professional development through training, conferences and self-education. Required Skills: Significant and demonstrable experience working in an advanced detection, threat hunting and/or incident response function as a lead. Experience developing incident response processes and supporting documentation. Understanding and application of proactive hypothesis-based threat hunting methodologies. Application and exploitation of common frameworks such as MITRE ATT&CK, NIST etc. Proficient in performing complex investigations on a variety of platforms and operating systems with a deep understanding of digital forensics processes and tools across Windows, MacOS and Linux. Hands-on experience with modern detection technologies such as EDR/XDR, SIEM (Splunk/Sentinel), SOAR, NIPS/HIPS. Extensive knowledge of networking concepts, including network detection and response tooling and intrusion prevention (Snort, Zeek, Suricata etc.) Proficient with investigating large-scale data compromise events across a hybrid on-premise, public and private cloud environment (AWS, Azure, GCP preferred). Understanding and experience investigating and responding to incidents in cloud native technologies such as containers (Kubernetes, AWS ECS/Fargate) and serverless (AWS Lambda).
Knowledge of digital forensics best practices and industry standard methodologies including chain of custody, evidence acquisition and appropriate tooling (X-Ways, EnCase, Volatility, Rekall, Wireshark, SIFT etc.) Able to articulate and visually present complex forensic investigation and analysis results equally effectively to both industry professionals and internal business partners. Proficiency in one or more modern programming or scripting languages (Python, Go, Rust etc.) Evidence of previous security solution design, implementation and engineering successes. Understanding of the DevSecOps approach and implementation of "everything-as-code" models. Experience acting as a technical team lead and mentor to junior team members. Strong verbal and written communication skills. Qualifications & Experience: Degrees non-essential - equivalent prior work experience in the field, a must. Industry standard certifications (GCFA, GNFA, GCFE, CFCE, OSCP, CREST etc.) are a plus but not essential. Memberships and participation in relevant professional associations (ISC2, ISACA etc.). Previous contributions to the industry (conference talks, code projects, volunteering). Job: TECHNOLOGY Organization: Corporate Strategy & Technology Schedule: FULL_TIME Req ID: 9085
Dec 06, 2022
Full time
We are actively recruiting for a Security Consultant to work in our SOC Consulting services, within our Detection & Response (D&R) Practice, supporting our customers to assess their SOC capabilities, align on the right direction for meeting their business needs and complete the transformation journey. Remote UK locations are available, with occasional travel to Adarma offices and customer locations.

What you'll do
For our customers, you'll be both a true partner and a trusted source of expert insight and advice. Leading on either one critical security area or broader strategic challenges, you'll understand and analyse their needs before recommending the right way forward. You'll also scope complex projects and support the development and implementation of new solutions. And you'll drive our own progress too, mentoring a team and helping our pre-sales team develop new opportunities for us to make an impact.

How you'll grow
We have a strong culture of learning and development, so you'll have plenty of opportunity to grow in your specialist area and beyond. In time, you could progress to Senior Consultant, or focus more on your technical skills in a senior engineer or architect role.

What you'll bring
You have a solid knowledge of security operations processes and tools, plus best practice in fields such as SIEM solution design, use case development, SOC maturity, XDR/EDR, log management and detection testing. Crucially, you're an outstanding communicator and relationship builder too, able to bring the best out of others.
- Previous experience in the design and review of security detection solutions
- Experience in the implementation and management of SIEM, EDR and NDR technologies (e.g. Splunk, Microsoft Sentinel/Defender, CrowdStrike Falcon/Humio, Google Chronicle, SentinelOne, ArcSight, QRadar, LogRhythm, Vectra, ExtraHop, etc.)
- Previous experience in designing and implementing detection and response use cases, with data source analysis and onboarding
- Experience of complex and/or large-scale security detection solutions
- Previous project experience from a consultancy perspective; commercial acumen
- IT Security/Cyber Security project experience
- A security operations expert with broad experience and CISSP/CISM certification or equivalent, you know how to plan and deliver complex cybersecurity projects.

Benefits
- Excellent compensation and benefits package, including Company Pension, Private Health Care and Cash-Back Plan, Car Leasing Scheme and more
- Ongoing training and development opportunities, resulting in industry-recognised accreditations and qualifications
- Flexible working hours, occasional home office (where possible)
- We encourage autonomy and entrepreneurship, enabling our consultants and employees to influence the strategy and direction of the business

Adarma
We began life in 2009, with a fierce determination to make cyber resilience a reality for every organisation, every day. This has guided us as we've adapted and grown to become one of the UK's leading threat specialists. Our journey is remarkable. But what's ahead is even more inspiring. Together, we're growing and transforming like never before. We're partnering with even more customers and creating more innovative and resilient solutions. And we're taking our thinking and our whole sector further, every single day.
Sep 20, 2022
Full time
Background
PwC is a market-leading provider of cyber security services to major organisations worldwide. Our global team of over 4,850 cybersecurity professionals includes specialised consultants, former law enforcement officials, forensic investigators, intelligence analysts, data scientists, legal professionals and industry leaders in cybersecurity and privacy. We are rated as a leader by multiple industry analysts for Global, EMEA and Asia-Pacific Cybersecurity Consulting services. Our multi-disciplined Cyber Incident Response (CIR) practice is central to this. Our team supports PwC's clients in crisis to prepare, respond and recover from cyber attacks, as well as reduce the risk of attacks by using the insights we have gained from being at the front lines of investigating these attacks.

Now is an exciting time to join the team and help shape and execute ambitious plans over the next 5 years. A key part of this will be increasing our capacity to help our clients prepare for and reduce the risk of attacks. This includes working with our clients' security operations teams to improve their ability to detect and respond to attacks, and with their IT teams to implement targeted technical improvements that increase "cost to the attacker". Our Cyber Incident Response practice works closely alongside many of our other front-line technical teams, including our global threat intelligence team, our Managed Cyber Defence threat hunting team and our ethical hacking practice. We also work with PwC's dedicated crisis coordination team to provide support to clients at all levels of their organisations.

Experience
We want team members with a strong technical understanding of how organisations can prevent, detect, assess and respond to cybersecurity threats and incidents, as well as how to build best-in-class incident response and security operations capabilities. We also want team members who will be passionate about developing and improving our technical consulting offerings using the insights gained from being at the front lines of investigating these cyber attacks. You should have a proven ability to lead teams and projects to deliver improvements to security operations and incident response functions, across people, process and technology. You will have an in-depth understanding of the processes, techniques and tools used by security operations and incident response teams. We are also looking for team members with high levels of communication skills, as well as consulting and project management experience. You will also be able to easily flex between work with technical client stakeholders, such as SOC analysts, and senior stakeholders such as a Head of SOC, Head of Cyber Security or CIO.

You will ideally have experience such as:
- Developing cyber incident response plans, playbooks and processes that allow security operations teams to rapidly and effectively respond to incidents;
- Collaborating with incident response teams to plan and deliver targeted remediation activities after cyber security incidents;
- Designing prevention, detection and response strategies for organisations based on threat actor tools, techniques and procedures;
- Building effective security operations capabilities and using purple team engagements to tune and validate detection tooling;
- Working collaboratively with IT teams to remediate vulnerabilities identified through red team engagements, penetration testing and vulnerability scanning;
- Planning and coordination of large-scale security incident response, remediation and recovery efforts involving multiple parties and teams;
- Acting as the subject matter expert or technical team lead for organisations in cyber crisis and data breach situations, and providing technical response strategy and execution support to enable them to successfully resolve, remediate, and recover from cyber security incidents.

A robust understanding of:
- The typical techniques used by attackers, ranging from criminal to state-affiliated groups;
- Preventing and detecting common attacker techniques and the MITRE ATT&CK framework;
- Tuning and configuring cyber security tools, for example SIEM and EDR tooling;
- How enterprise IT networks, Active Directory and Azure AD operate.

Responsibilities
We are looking for passionate, motivated and experienced individuals that can lead our work helping clients prepare for and reduce the risk of attacks. As this role would be part of our multidisciplinary Cyber Incident Response practice, it would also include assisting the wider team to help clients respond to cyber security incidents and to manage our portfolio of cyber incident response retainers.

Lead client engagements across our incident response services portfolio to help clients prepare for and reduce the risk of attacks, acting as the key point of contact for senior client stakeholders, setting direction for the project teams, and being accountable for the technical excellence of our delivery. Examples include:
- Assessing organisations' ability to detect and respond to cyber attacks;
- Understanding organisations' vulnerability to specific cyber security threats;
- Delivering remediation projects for clients who have had cyber security incidents, and assisting with planning cyber transformations;
- Testing and improving cyber incident response plans, runbooks and processes;
- Designing and implementing improvements to our clients' detection tooling;
- Using purple teaming to tune and validate detection capabilities; and,
- Implementing targeted improvements to increase cost to the attacker.

Further responsibilities:
- Contribute to capability development, proposition development and thought leadership initiatives;
- Provide mentoring and oversight to the incident response practice to help the team grow and develop;
- Collaborate and build relationships with PwC's wider Cyber Security practice, sharing insights gained from responding to incidents and helping other teams win and deliver work;
- Originate, cultivate and maintain relationships with existing and new clients, and support outreach and business development efforts in collaboration with other teams;
- Develop, enhance or refine the portfolio of incident response services in line with market trends, emerging threats, or opportunities for innovation or market disruption;
- Support the execution of our business strategy and grow PwC's reputation in the cyber security market, for example by taking on responsibility for relationships with third parties such as technology alliance partners; and,
- Play a key role in PwC's global incident response community to support knowledge sharing, practice development and to pursue opportunities in collaboration with global colleagues.

Risk
We're a leading provider of trust in the digital world - in the eyes of our people, our clients and our stakeholders. Today's business environment is different. More complex. More connected. Companies not only face new and unknown risks, but also new and untapped opportunities. Our team is at the forefront of this change; join us to be a part of transforming how risk is perceived and capitalised on.

Not the role for you?
Did you know PwC offer flexible contract arrangements as well as contingent work (i.e. temporary or day-rate contracting)?

The skills we look for in future employees
All our people need to demonstrate the skills and behaviours that support us in delivering our business strategy. This is important to the work we do for our business, and our clients. These skills and behaviours make up our global leadership framework, 'The PwC Professional', and are made up of five core attributes: whole leadership, technical capabilities, business acumen, global acumen and relationships.

The Deal
We want all of our people to feel empowered to be the best that they can be, which is why we have 'The Deal'. Find out more about our firmwide Employee Value Proposition.

Diversity
Valuing Difference. Driving Inclusion. We work in a changing world which offers great opportunities for people with diverse backgrounds and experiences. We seek to attract and employ the best people from the widest talent pool because creating value through diversity is what makes us strong as a business, enabling us to solve important problems and deliver value to our clients. We encourage an inclusive culture where people can be themselves, are valued for their strengths and are empowered to be the best they can be. As an organisation with an increasingly agile workforce, we also support different ways of working, offering flexible working arrangements. Learn more here about our work to support an inclusive culture.
Dec 08, 2021
Full time