My Client is an investment bank based in London; they are looking for a permanent Information Security Risk Analyst to join their team. The key areas of security for this role are Incident Response, Security Monitoring and Incident Investigations.
Responsibilities:
· Monitoring & Compliance
o Analyse, develop and refine security monitoring controls, practices and use-cases to detect anomalies and incidents across the applications and infrastructure estate.
o Monitor activity on specified information systems and devices. Identify and report suspicious, improper, malicious or harmful activity. This includes regular and ad-hoc reporting.
o Undertake complex IR investigations into specific threats or security incidents both internal and external.
o Support the regulatory and internal audit programmes by responding to requests for information.
o Identification, escalation and reporting of security incidents and breaches. Co-ordinating responses to these breaches, assessing the impact and improving the overall Incident Response process.
· Security Engagement & Best Practice
o Work alongside the company’s independent penetration testing program.
o Work closely with other technical and business departments to mitigate security/cyber risk:
  o Implement policy and procedure
  o Identify potential security threats and risks that may need review
  o Assist in risk assessment/acceptance/remediation processes
o Identifying areas in the company service for improvement, proposing and supporting strategy to make these improvements.
o Develop and mature the Incident Response and Threat Hunting capabilities.
o Implementation of Incident Response frameworks/methodologies such as Kill Chain, MITRE, Threat Modelling, Diamond Model.
o Development of Threat Intelligence capabilities and integrating them with the security monitoring framework.
o Development of security monitoring use cases and implementing custom IOCs within the controls to detect suspicious and unusual traffic.
o Working with other business stakeholders to drive the enterprise-wide security logging policies and procedures.
Key skills:
· Relevant experience in Incident Response and Security Monitoring;
· Security Design and Architecture experience;
· Experience in a banking, investment banking or investment management environment;
· Incident Response experience with forensics capabilities. Experience with packet analysis in Wireshark or any other network protocol analyser;
· Managing cyber security incidents;
· Experience working with Cyber Security and Incident Response frameworks such as NIST, Kill Chain, Attack Life Cycle and MITRE;
· In-depth experience with SIEM tools, with strategic oversight of appropriate use case methodologies. Implementation of robust security monitoring use cases and Threat Hunting capabilities.
Please apply now to Ryan Camp for immediate consideration and further details.
Keywords: Information Security Analyst, IT Security Analyst, Information Security Risk Analyst, Information Security, IT Security, Incident Response, Security Monitoring, Incident Investigations, Investment Bank.
Scot Lewis Associates Ltd is acting as an employment business.