Lead SOC Engineer at PrimaryBid

PrimaryBid

Lead SOC Engineer

United Kingdom

On-site

Full Time

#Technology

#Security

#Cloud

#Cloud Security

#Automation

#DevSecOps

#AWS

#EKS

#Splunk

#Prisma

#Kubernetes

PrimaryBid is looking for a Lead SOC Engineer


The role

Reporting to the CISO, you will work with cloud-native security tooling, automating workflows and building on our foundations towards a goal of machines doing the heavy lifting, so that humans are free to deal with the important aspects of security.

You will work closely with our Product Managers, SREs and the wider technical and engineering teams to drive the DevSecOps operating model, embedding security into everyone's daily activities and ensuring that everyone is ‘incident ready’.

Key responsibilities 

  • Support the CISO in operationalising the Security Operations strategy, which is being implemented and continually developed as we mature
  • Implement technical security controls where applicable to enforce policies and procedures
  • Develop requirements for integrating tooling into the SecOps environment
  • Enable cloud security governance (AWS, EKS) with monitoring, security posture management and vulnerability scanning tools
  • Deliver end-to-end automated solutions, including workflow customisation, ticketing, process automation, report development, dashboard creation and system configuration
  • Diligently document your work and share knowledge with the team
  • Consider dependencies, relationships and integration points so that solutions integrate properly with other systems where applicable
  • Stay up to date with emerging security threats, technologies and industry trends, and recommend proactive security measures
  • Engage with the wider business to understand its risks and threats, and use this to inform requirements for the Security Operations Centre (SOC)
  • Conduct internal cyber and DLP (Data Loss Prevention) investigations
  • Manage and investigate cyber-related forensic activities
  • Develop security incident response plans and procedures, including security incident crisis / emergency management
  • Make automation the default approach in all operational activities across the domain, and influence adoption beyond it
  • Build relevant KPIs and dashboards for regular review with the CISO
  • Provide expert advice and guidance to teams and business units on security-related matters, including disaster recovery, monitoring and alerting, and general security strategy
  • Act as liaison with external vendors and partners to facilitate partnerships and ensure compliance with regulatory requirements
  • Help develop our SIEM into a single-pane-of-glass security view in which teams across the business can see their own part of the platform without exposure to other teams' data
  • Develop the SIEM to display security health across the business; as the single source of truth for all security information, it will be the place to show trending security health and maturity
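The per-team SIEM view described in the last two responsibilities is, in Splunk terms, a role design problem: each team gets a role whose search scope is limited to its own indexes, while the SOC role sees everything. The authorize.conf fragment below is an added illustration of that pattern, not PrimaryBid's configuration or part of this posting; the role names, index names, the aws_account_id field and the account number are all assumptions.

```ini
# Added illustration (not PrimaryBid's configuration).
# Assumed location: $SPLUNK_HOME/etc/system/local/authorize.conf
# Role, index and field names below are assumptions.

# Common base for every team role: search rights only, no index grants.
# Deliberately no importRoles here: importing the built-in "user" role
# would also import its index grants and silently widen every team's view.
[role_team_base]
search = enabled
schedule_search = enabled
srchIndexesAllowed =
srchIndexesDefault =
srchJobsQuota = 5
srchDiskQuota = 500

# Team view: only the indexes this team owns. Wildcards are avoided so a
# new index (e.g. payments_foo) is not visible until someone grants it.
[role_team_payments]
importRoles = team_base
srchIndexesAllowed = payments_app;payments_k8s
srchIndexesDefault = payments_app;payments_k8s

# Team view over a shared index: the index grant is the hard boundary,
# the search filter narrows it further to this team's AWS account.
[role_team_platform]
importRoles = team_base
srchIndexesAllowed = platform_eks;platform_aws_cloudtrail
srchIndexesDefault = platform_eks;platform_aws_cloudtrail
srchFilter = aws_account_id=123456789012

# SOC view: the single-source-of-truth role that sees every team's data.
[role_soc_analyst]
importRoles = team_base
srchIndexesAllowed = *
srchIndexesDefault = payments_app;payments_k8s;platform_eks;platform_aws_cloudtrail
```

Two caveats a practitioner would check before relying on this. First, `srchIndexesAllowed` is the real boundary; `srchFilter` is applied at search time inside an index the role can already read, so data that must never be seen across teams belongs in separate indexes rather than behind a filter. Second, when a user holds several roles, Splunk combines their search filters with OR, so a user who also holds a broader role is not constrained by a narrower one. To verify what a given role can actually reach, log in as a test user with only that role and run `| eventcount summarize=false index=*`, which lists the indexes that user's searches can touch.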

Competency Requirements

Knowledge

  • Uses professional concepts and company objectives to resolve complex issues in creative and effective ways.
  • Provides advice and weighs in on complex decisions and problems that impact other teams or the company.
  • Is an expert in a specific area of their field.
  • Researches and proposes new tools to facilitate self-, team- and company-wide learnings.

Ownership and delivery 

  • Able to scope and define work or projects into well-defined milestones and timeframes. 
  • Regularly delivers projects or work as and when required; expectations are always managed.
  • Identifies and proactively tackles future issues before they escalate.

Communication and Leadership 

  • Effectively communicates a plan and vision to both team and to management at a project level and gets buy-in on solutions.
  • Provides feedback on projects outside of their core area.
  • Makes others (both above and below) better through mentorship or guidance on specific areas related to their functional knowledge. 
  • Contributes to the career development of others and empowers those around them.

Discipline Requirements

  • Strong communication and business skills to engage senior stakeholders in problem resolution, with the ability to explain vulnerabilities, how they could be exploited and why they need addressing.
  • Extensive experience with intrusion analysis, incident handling, incident response, malware analysis, vulnerability assessment or penetration testing, preferably with FinTech industry experience.
  • Strong understanding of cloud services, including operating under shared responsibility models.
  • Able to automate your work by writing code and scripts and contributing to better workflows.
  • In-depth experience operating and analysing continuous monitoring tools to prevent, detect, analyse and respond to security incidents.
  • Extensive experience with any of the major public cloud providers and an understanding of network infrastructure.
  • Deep Splunk Cloud and Splunk Enterprise Security (ES) knowledge and experience.
  • Experience with Darktrace and Prisma Cloud is advantageous.
  • You understand the Kubernetes ecosystem and the security considerations around it.
  • You share the goal of a machine-led SOC, with human interaction reserved for the important parts.
  • You enjoy learning about both the offensive and defensive aspects of security.
  • A good understanding of security topics in AWS, GCP, serverless, container platforms and Infrastructure as Code environments.
  • In-depth knowledge of security concepts such as cyber-attacks and techniques, threat vectors, risk management and incident management.
  • Knowledge of the tactics and techniques used by threat actors, e.g. the MITRE ATT&CK framework.
  • Ability to handle high-pressure situations with key stakeholders.
  • Experience leading technical security issues to resolution and coordinating incident response.
  • Ability to interpret system and device logs and events, identify patterns of behaviour and indicators of compromise (IoCs).
  • Subject matter expertise in threat hunting, incident response, intrusion detection and threat intelligence, used to develop automated detection and response capabilities.
  • You take a risk-based approach to embedding security in technologies.
  • Excellent analytical and problem-solving skills with the ability to assess risks and develop effective mitigation strategies.
  • Proven experience of building positive cross-functional relationships quickly.
  • Self-starter, able to work with minimal supervision and dedicated to delivering results.
  • Up-to-date knowledge of current and emerging security threats, vulnerabilities and industry trends.
  • You are a constant learner, keeping yourself up to date on important events in the security field and on the ever-changing threat landscape.

Required knowledge/qualifications/memberships and ongoing training requirement

  • CPD log: 35 hours per year

Senior Managers and Certification Regime 

The role is a Code of Conduct (COCON) role. The holder is also required to act in accordance with the PrimaryBid code of conduct as detailed in the contract of employment, the Staff Handbook, PrimaryBid Procedures (Compliance Manual) and the firm’s policies.

Regulatory responsibilities

  • Promote a culture of compliance with all applicable law, regulation, internal procedures and codes of conduct to minimise the risk of misconduct and prevent the use of the company to further financial crime. This includes any money laundering, terrorist financing, bribery, corruption, fraud, or breaches of UK and international sanctions regimes.
  • Ensure an appropriate level of market conduct
  • Ensure that you and the members of your team complete all mandatory training
  • Maintain fit and proper status, disclose any circumstances which may lead to a breach of conduct rules, and assist with any investigations or disciplinary proceedings
  • Ensure the standard of documentation for all of the department's systems, controls, policies and processes
  • Maintain a decision-making record

The Company reserves the right to vary or amend the duties and responsibilities of the post holder at any time according to the needs of the business.
