What you are going to do:
The Senior Security Operations Engineer is a multi-disciplinary role and a member of the UK&I Divisional Security team. The SecOps engineering group has responsibilities across a number of key areas, and each engineer is assigned an area of primary, secondary and in some cases tertiary focus that best utilises their skillset and is attuned to their career path.
Working within the Security Operations group and with vulnerability, incident response and platform experts they will help ensure the delivery of effective, integrated 24x7 security operation services.
They will take ownership of the monitoring, tuning and configuration of key security platforms, ensuring that they are always in a state of operational readiness.
They will play an active role as a member of the incident response group, acting as a key point of contact for security events and incidents and taking ownership for tracking issues through to resolution with stakeholders inside and outside security operations.
They will be responsible for delivering a high level of customer support, security guidance and security analytics to wide ranging business areas.
Your Responsibilities (depending on your areas of focus, the following apply in varying degrees):
- Build, tune and configure security operations tooling, to support effective delivery of 24/7 operations.
- Monitor, analyse and investigate security events and alerts as level 3 escalation.
- Research and investigate emerging threats, identify the actions needed to detect or mitigate them, and develop communications to inform the wider security function.
- Develop threat intelligence products for technical and non-technical stakeholders.
- Create and deliver presentations to technical and non-technical stakeholders.
- Deal with security support queries related to security operations or general security issues where appropriate.
- Act as part of the incident response team, including the out-of-hours on-call rota, providing expert technical analysis and tooling support, and where appropriate provide operational cyber intelligence support during ongoing incidents.
- Contribute to the continuous improvement of the Security Operations framework ensuring it stays aligned with the ever changing technology and threat landscape.
- Support the vulnerability identification, remediation and management reporting processes.
- Actively develop, coach and mentor security tribe colleagues through the mutual sharing of knowledge and experience, training and on the job development.
- Actively review and develop run books to directly contribute to creating a best-in-class Security Operations function.
You are someone that:
- Is a self starter with excellent organizational and communication skills.
- Has strong analytical skills ideally gained through prior experience of security investigations.
- Can work calmly when presented with a security incident.
- Is dedicated to positive service delivery with a passion for security and continuous improvement.
- Has a natural curiosity for troubleshooting and diagnosing technical issues.
- Can work with minimal supervision and as part of a team.
- Consistently delivers high quality results by agreed deadlines.
- Has the ability to quickly understand and adapt to a complex, rapidly changing, global organisation.
- Consistently demonstrates a positive, collaborative attitude.
- Can perform analysis of potential risks to security and recommend solutions.
- Understands and has a keen interest in Blue Teaming.
Key Skills Required:
- Experience of working in a SOC analysis and investigation environment.
- Solid computer networking and network security analysis skills.
- Good understanding of enterprise/corporate IT operations and standard enterprise security controls.
- Administration skills across one or more operating systems and their respective scripting languages.
- Good understanding of security event logging and its use in event analysis.
- Experience of investigating and resolving issues with security platforms and tooling.
- In-depth experience of incident management and technical incident investigation.
- Positive attitude and a keen interest in Blue Teaming.
- Python scripting.
- Good knowledge of EDR/AV, IDS/IPS and SIEM tools.
- Knowledge of SOAR and the MITRE ATT&CK matrix.
- Good knowledge of Splunk & Splunk Enterprise Security (Splunk SPL & general administration).
What you can expect:
- An open and collaborative team who value and respect each other;
- An autonomous environment where you are empowered to make decisions;
- 25 days of annual leave;
- Share save scheme and "Flexible Benefits" of your choice;
- Private health insurance (includes dental insurance and health assessments);
- Excellent development opportunities including online and in-house training, and access to thousands of courses online through 'Udemy'.
Ways of working:
Flexible working is our way of working! We're a diverse workforce, and therefore a 'one size fits all' approach isn't necessarily best. Whatever your personal needs may be, let's have a chat and see how we can accommodate them.
We thank all applicants for their interest; however, only suitable candidates will be contacted for an interview. By submitting your application online, you agree that your details will be used to progress your application for employment. If your application is successful, your details will be used to administer your personnel record. If your application is unsuccessful, we will retain your details for a period no longer than two years, in order to consider you for prospective Paddy Power Betfair roles.