We are currently looking for a Technical Consultant for our Cyber Defence Operations team. The ideal candidate has experience not only of using a wide range of technologies to respond to security events, but also of supporting ongoing maintenance of the tools. In addition, the candidate will provide threat analysis on regional and global risks facing the organisation.
The Cybersecurity function is part of the Global Business Solutions (GBS) Risk & Cybersecurity department, within the GBS group. The GBS group provides IT services to the Fidelity International business globally. These include the development and support of the business applications that underpin our revenue, operational, compliance, finance, legal, marketing and customer service functions. The broader organisation incorporates the infrastructure services that the firm relies on to operate on a day-to-day basis, including data centre, networks, proximity services, security, voice, incident management and remediation.
GBS Risk & Cybersecurity is responsible for:
- Cybersecurity: protecting the technology environment from internal and external security threats
- Application Security (through secure coding practices, penetration testing, and developer training)
- Centralised Access Management: working to the principles of least privilege, access appropriate to role, and Role Based Access Control
- Infrastructure Security
- Security Engineering and Architecture
- Security Application Support
- Cyber Defence Operations (CDO)
- Information Security Risk Management
- Technology Risk and Audit Management
- Technology Service Continuity
Purpose of your role
The Cyber Defence Operations team has a requirement for day-to-day management of the security tools used to respond to malware and other security-related incidents. The technologies include, but are not limited to, advanced malware detection, DDoS protection, IPS, anti-spam, threat intelligence and logging/analytics capabilities.
- Conduct research, analysis, and correlation across a wide variety of all source data sets (e.g., indications and warnings)
- Use provided tools to perform continual monitoring and analysis of system activity to identify malicious activity and configure mitigations
- Coordinate with other departments to manage and administer the updating of rules and signatures (e.g. intrusion detection/prevention systems, anti-virus, and content blacklists) for specialised applications
- Coordinate with enterprise-wide Networks teams to validate network alerts
- Employ approved defence-in-depth principles and practices (e.g., defence-in-multiple places, layered defences, security robustness)
- Recommend computing environment vulnerability corrections
- Identify and correct inconsistencies or complications in process
Triage events including malicious activity and incidents of concern
- Analyse identified malicious activity to determine weaknesses exploited, exploitation methods, and effects on system and information
- Receive and analyse network alerts from various sources within the enterprise and determine possible causes of such alerts
- Assist in determining appropriate course of action in response to identified and analysed anomalous network activity
- Analyse network traffic to identify anomalous activity and potential threats to network resources
- Document and escalate incidents (including the event's history, status, and potential impact) that may cause ongoing or immediate impact to the environment, for further action
- Provide timely detection, identification, and alerts of possible attacks/intrusions, anomalous activities, and misuse activities, and distinguish these incidents and events from benign activities
- Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack
Reporting, monitoring & support
- Identify potential conflicts with implementation of any tools within CDO area of responsibility (e.g., tool/signature testing and optimization)
- Provide summary reports of security events and activity relevant to CDO. This includes external incident and threat analysis
- Perform trend analysis and reporting
- Monitor external data sources (e.g. vendor sites, Computer Emergency Response Teams, SANS, Open Source and Private feeds) to maintain currency of threat condition and determine which security issues may have an impact on the enterprise
- Support weekly reporting activities on a rotational basis for the CDO function
Your skills and experience
- At least 5 years of experience working in a SOC, cyber defence or incident response position
- Knowledge of or experience working with security tooling (SIEM, IPS, anti-malware, EDR, email security and DLP)
- Experience explaining the risk of security threats and creating mitigations
- Experience of general IT infrastructure technologies and principles
- Knowledge of current security threats and common exploits
- Understanding of the underlying protocols, including HTTP, HTTPS, SMTP and SQL
- Understanding of networking architecture (OSI model)
- Experience using data science or advanced analytical tools to solve security incidents
- Ability to automate tasks using scripting on both Windows and Linux systems