Cyber Security Level 3 Analyst / Engineer

We now have a fantastic opportunity for a CSOC Level 3 Analyst/Engineer to join our Cyber Security Operations Centre Team, embedded within IT Operations.

The role is based at our Hereford Campus, featuring state-of-the-art facilities.

We offer a variety of workspaces, including an open-plan office, outdoor areas, and meeting pods, along with plenty of spots to relax, unwind and socialise.

We believe in the importance of in-person collaboration, but also recognise the need for flexibility. Our Cyber Security Operations Centre Team follows a hybrid working model that balances business requirements with individual flexibility. For this role, you’ll be expected to work in the office 1 to 2 days per week to support team collaboration and meet business priorities.

The CSOC currently operates an on-call rota, which you will be expected to participate.  In addition, the CSOC will be driving towards a full 24/7/365 operation in the near future.

Reporting to the Cyber Security Manager, as CSOC Level 3 Analyst/Engineer, you will be the engineering lead in the CSOC function.

Your primary focus will be to ensure compliance with regulatory requirements and controls are kept up to date. You will develop and maintain all the security operations’ tools sets, that they are working at optimum performance, tune and build new rule sets and respond to engineering requests that relate to allpay’s Security Information and Event Management (SIEM) system.

You will also be responsible for the automation of CSOC tasks and reporting. 

Some of your other key responsibilities will include:

• The role will also ensure that systems, services, and applications are secured, monitored and threats are detected and responded to accordingly.
• Alongside the Cyber Security Manager, you will form part of the TDA (Technical Design Authority) group who verify any new project work, ensuring the development and infrastructure teams introduce best practice for hardening our defences.
• You will be expected to provide ad-hoc out of hours additional support during a major incident (Severity 1 or 2) or where the business need demands it. 

As our ideal CSOC Level 3 Analyst/Engineer you will have the following:

Knowledge and Skills

• Solid understanding of IT security architecture / infrastructure best practices.
• Solid understanding of CSOC progression and maturity models and strategically advise on operational current best practice which aligns with business goals.
• Knowledge of the operation, configuration, and maintenance of Security Information and Event Management (SIEM) systems, as well as Endpoint Detection and Response (EDR) tools. 
• Skilled at creating custom Indicators of Attack (IoAs) to align with current attack vectors and threats facing the business.
• Serve as subject matter expert on incident detection and analysis techniques providing guidance to all level analysts and making recommendations to organisational managers.
• Strong background in DevOps practices, including pipelines and YAML, alongside proficiency in scripting languages such as Python, PowerShell, and Bash, which you will utilise for automation and analysis.
• Understand key principles of software development, log analysis, and digital forensics and be adept at leading automation and orchestration requirements for the CSOC.    
• Ideally, you will have a solid grasp of regulatory compliance requirements and previous experience within the Financial Services sector. Along with risk identification, solution design, and issue resolution.
• Effective communication skills, both written and verbal.
• You will be a team player with a proven ability to collaborate effectively across multiple business functions and adapt to fast-paced situations. 

Qualifications

• Ideally a bachelor’s degree in cyber security or an IT related field.
• Attained or are working towards any of the following: Microsoft Qualifications such as AZ-500, SC-200/300/400, Security qualifications such as CPIA, CASP+, CISSP, CEH, OSCP or similar.