H&R Talent are looking for someone personable and approachable, as the role is highly customer facing, who can work to tight deadlines and under pressure with self-discipline, and who wants IT career progression.
As a member of the IT Security Operations team, you will report to the Information Security Manager where you will maintain the confidentiality, integrity and availability of the organisation and its customers’ information and information systems. This will be primarily achieved through the identification and response to security events, identified on event monitoring systems.
Main responsibilities:
Develop and maintain SIEM services based on MS Sentinel for the organisation and our customers, including but not limited to advising on event capture, tuning, use case development, alert triage and response.
Act as a mentor for other team members on MS Sentinel and be an advocate for IT Security.
As part of the Security Operations team, identify, triage and respond to security events identified by any of the security controls used in the organisation or its customer environments.
Respond to and manage service requests, problems and incidents logged at the Service Desk, or act as a point of escalation for security-related issues from any source within the organisation or its customer base.
Provide root cause analysis of security breaches, in a confidential manner, relating to the Service Operations and Service Support environments, and report findings as part of the post-incident review.
Advise the Information Security Manager of any improvements to working practices or beneficial technical changes that would improve the security and performance of the organisation's infrastructure and services.
Draft and manage processes and procedures relating to Security and Operations.
Ensure that all documentation and reports are delivered to the organisation's standards and compliance requirements.
Qualifications
Essential: Professional IT qualification such as MCSE, CCNA, CompTIA etc. or Information Security qualification such as SSCP, Security+, ECIH
Desirable: MS SC-200
Relevant IT based degree (or equivalent).
Experience:
Essential:
Demonstrable experience of monitoring and developing use cases in SIEM products
Ability to investigate, troubleshoot and resolve security events.
Good level of knowledge in IT and networking fundamentals, for example, Operating Systems, Directory services, TCP/IP, DNS, HTTP(S), SMTP
Good level of understanding in the approach threat actors take to attacking a network, phishing, port scanning, web application attacks, DDoS, lateral movement
Experience working in an operational IT Services environment
Knowledge in Windows and/or Linux operating systems, how to investigate them for signs of compromise
Experience working in a Security Operations Centre
Desirable:
Experience in a commercial IT Solutions provider or Managed Services environment.
Foundational understanding of Public / Private Cloud Services (Azure/AWS/O365, CASB etc.) and how an attacker can utilise these platforms
Use of MS security stack – Defender for Endpoint, Defender for Identity etc
Skills & Abilities:
Essential:
Comfortable in analysing and creating scripts, preferably in KQL
Ability to identify, recommend and implement operational improvements
Hands-on, pro-active approach.
Ability and enthusiasm to learn and self-motivate.
Attention to detail with strong analytical, interpretation and problem-solving skills
Strong interpersonal skills
Accurate and clear written and oral communication skills
Strong interest in IT Security
Ability to generate reports and present key security metrics
Desirable:
Knowledge of Government Security frameworks (PSN, DSP Toolkit, G-Cloud etc.)
Policies, Procedures and Quality Standards
*All employees will be expected to become familiar with and adhere to all company policies and procedures including the Health and Safety Policy.
*All employees will be expected to support company quality standards including, but not limited to, the following:
ISO 9001
ISO 14001
ISO 20000
ISO 27001