Cyber Security Operations Senior Engineer

Location City of London
Discipline: Cyber Security, Information & Cyber Security
Salary: 90k per annum

​A Highly-Innovative Global Commercial Bank have a newly created position for a Cyber Security Operations Senior Engineer to join their team on a permanent basis. The UK office is in the City of London.


Their clients are the game changers, leaders and investors who fuel the global innovation economy. They're the businesses behind the next medical breakthroughs. And the visionaries whose new technologies could transform the way people live and work.

They come to the organisation for their expertise, deep network and nearly forty years of experience in the industries they serve, and to partner with diverse teams of passionate, enterprising, dedicated to an inclusive approach to helping them grow and succeed at every stage of their business.

Join them and be part of bringing their clients' world-changing ideas to life. They have the opportunity to grow and collectively make an impact by supporting the innovative clients and communities they serve. They pride themselves in having both a diverse client roster and an equally diverse and inclusive organisation. And they work diligently to encourage all with different ways of thinking, different ways of working, and especially those traditionally underrepresented in technology and financial services, to apply.


The Cyber Security Operations Senior Engineer will protect the bank by providing timely response to cyber security threats, incidents, and requests for investigations using industry leading tools and practices. The engineer will focus on security information and event management (SIEM) and security orchestration, automation and response (SOAR) tools to provide alert content, data enrichment, playbooks, runbooks, and/or process improvements to streamline investigations and provide accurate and consistent documentation and response to security events. The engineer will support Detection and Response analysts in security incident response and will continuously train and develop training material for junior analysts to be apprised of emerging technologies, threats, attacks, and countermeasures.

  • Monitor, triage, and create logic to identify and respond to cybersecurity events to track in a case management system.

  • Identify, implement, and track necessary tuning of signatures and alerts

  • Independently investigate, respond, escalate, and document findings for cybersecurity incidents and support and mentor more junior analysts

  • Create processes to review and provide quality control validation for cybersecurity cases, incidents, tasks, and countermeasures

  • Work with various teams and stakeholders to mitigate cybersecurity incidents

  • Create, update and follow documented processes and runbooks

  • Work with the Threat Intelligence team to identify areas for targeted threat hunts, create automated responses, and participate in threat hunting exercises.

  • Create, lead, and participate in department training exercises (table top, blue and purple team, etc.)

  • Configure and manage cyber security instrumentation, create automated processes, and identify and develop alert logic to monitor and respond to security events.


  • Cybersecurity best practices and trends

  • Cybersecurity Incident Response Lifecycle and methods

  • MITRE ATT&CK Framework

  • Cybersecurity risks and controls

  • Networking and TCP/IP protocol

  • Windows and Linux operating systems

  • Cybersecurity architectures and methodologies (Defense in depth, Kill-Chain, NIST, OWASP, etc.)

  • Amazon Web Services

  • Indicators of Compromise (IOC) and Tactics Techniques and Procedures (TTP)

  • Python

  • Splunk SPL

Skills (i.e. excellent communication, attention to detail) that are required to be successful in this role):

  • Analyze application, system, and security logs from any log source

  • Document forensic investigation and research findings

  • Demonstrate clear written and verbal communication

  • Work well independently without in-person supervision

  • Collaborate with team members across separate geographic locations

  • Work well under pressure of cybersecurity incidents

  • Build relationships with individuals across the organization

  • Read and write scripts in python, javascript, splunk spl, regex, powershell, or perl, etc.


  • Analytical problem solving mindset with an ability to deconstruct complex issues with unbridled curiosity

  • Team orientation

  • Strong work ethic

  • Critical thinking

  • Initiative for continuous learning

  • Confidence

  • Self-starting mindset

Required Education and Experience:

  • Bachelor's degree in a technical field (cybersecurity, information technology, computer science, computer engineering, etc.) or commensurate experience in a technical job role 3 or more years’ experience working in a cyber security role

Preferred Education and Experience:

List additional education or experiences that are preferred, but not required (i.e. Experience working with C-Level Customers)

  • Five or more years’ experience working in a cybersecurity or infrastructure role.

  • Master's degree in a cybersecurity or technical field (cybersecurity, information technology, computer science, computer engineering, physics, etc.)

  • AWS Certified Solutions Architect or Associate

  • Experience in the banking or financial industry

  • Experience managing security orchestration automation and response technologies (SOAR)

  • Experience managing security information and event management (SIEM)


List any certifications that are required or preferred (i.e. Series 6 – required; Series 7 – preferred)

  • Certified Information Systems Security Professional (CISSP) or Associate of (ISC)²

  • Certified Cloud Security Professional (CCSP)

  • Systems Security Certified Practitioner (SSCP)

  • GIAC Security Essentials (GSEC)

  • GIAC Certified Intrusion Analyst (GCIA)

  • GIAC Certified Incident Handler (GCIH)

  • GIAC Certified Enterprise Defender (GCED)

  • GIAC Continuous Monitoring Certification (GMON)

  • GIAC Certified Forensic Analyst (GCFA)

  • GIAC Advanced Network Forensics (GNFA)

  • CompTIA Security+

  • CompTIA Advanced Security Practitioner+ (CASP+)

  • Certified Ethical Hacker or Computer Security Incident Handler (CSIH)

  • EnCase Certified Examiner (EnCE)

  • Access Data Certified Examiner (ACE)

  • AWS Cloud Certified Practitioner

  • AWS Cloud Certified Practitioner

  • AWS Certified Solutions Architect or Associate

  • AWS Security Specialty

  • Palo Alto Networks Certified Detection and Remediation Analyst

  • Splunk Core Power User

  • Splunk Enterprise Certified Admin


Travel may be occasional as required.


  • Private Medical Insurance

  • Telemedicine

  • Health Assessments

  • Dental Insurance

  • Eye Care

  • Holidays

  • Wellness (Employee Assistance Program, Gym Subsidy, and Ride to Work Scheme)

  • Transportation

  • Group Personal Pension Scheme

  • Disability and Life Assurance

  • Employee Stock Purchase Plan (ESPP)

  • Travel Insurance (Business Travel Insurance and Personal Travel Insurance)

  • Employee Referral Program

  • Family Bonding Time (Enhanced Maternity/Adoption Leave, Paternity Leave, Shared Parental Leave, and Special Parental Leave)

  • Developing and Giving Back (Learning Opportunities, Employee Recognition, and Matching Gift and Community Involvement Program)