About the role: The LMAX Group is looking for an experienced Security Analyst to join our highly skilled team of enthusiasts, someone who wants to broaden their skills across security engineering, threat hunting and automation.
You will deal with the security events that are detected and lead in-depth analysis of them. You will need proven experience in the field of cyber defence, knowledge of attack methods, and experience with technologies such as IDS, SIEM, log management and vulnerability management.
We are looking for a person who is passionate about security and who has the curiosity and the ability to find the loopholes at both a technical and a process level, which can then be used to build associated detections. You will have the ability to see the big picture and to explain the limitations and weaknesses of a technology or solution. You must be able to work on your own initiative in a fast-moving environment.
We realize people do not fit into neat boxes and the LMAX Group offers some flexibility around remote working.
- Triage events. Conduct detailed investigations and research on security events. Provide detailed technical reports about incidents and capability improvements.
- Support incident response, as requested, i.e., forensic investigation in parallel with recovery and reporting activities.
- Maintain a high level of visibility into the Group's estate for security events, removing false positives.
- Perform periodic analysis around incidents/detections and landscape analysis to propose and implement optimizations and enhancements that improve the Group's security posture.
- Produce reports around key metrics, processes, and procedures to demonstrate the auditability of our systems to regulators and internal stakeholders.
- Work closely with the Threat Hunting team to research and improve the Group's ability to detect custom attacks.
- Educate the Group's employees to improve security awareness.
- Own the vulnerability management program, prioritizing and communicating vulnerability announcements, scanning, patching, and keeping the asset inventory complete.
- Experience working within a Security Operations Centre (SOC).
- Experience performing triage and remediating security incidents.
- Basic experience with automation and scripting (Python, Bash, etc.).
- Comprehensive knowledge of the principles of computer and communications security, networking, and the vulnerabilities of modern operating systems and applications.
- Familiarity with Linux systems (servers, workstations, containers); you will use Linux as your desktop.
- Understanding of Network Intrusion Detection Systems (NIDS) and Endpoint Detection and Response (EDR) tooling.
- Understanding of cryptography. You are able to explain how SSL/TLS works.
- Knowledge of networking and TCP/IP. You know the OSI model and can explain it in detail.
- You understand what an Advanced Persistent Threat is, and how to use telemetry to surface such an actor.
- Familiarity with computer security tools (vulnerability assessment, anti-virus, protocol analysis, anti-spyware, etc.).
- Ability to work independently to achieve team objectives.
- Strong interpersonal and communication skills.
- Awareness of legislation and frameworks such as GDPR and ISO 27001.
- Genuine enthusiasm for security and open source. We love open source.
- Positive, constructive, and open-minded attitude. You will always learn.
- Systematic problem-solving approach, coupled with a strong sense of ownership and drive.
- A practical approach to managing time and workload to ensure that the tasks required are completed in a timely fashion.
- Ability to understand business processes and translate those into detections within the SOC.
- Good documentation and communication skills to communicate with a global team.
Any of the following would help you to stand out:
- Solid knowledge and experience in monitoring threats in a cloud environment.
- Experience working with the Splunk Enterprise Security suite.
- A good understanding of Security Orchestration, Automation, and Response (SOAR) concepts, and their benefits.
- Industry-leading certification in the area of Cybersecurity such as GCIA, GNFA, GCIH.
- Knowledge of web application vulnerabilities.
- Experience with web filtering and Data Loss Prevention (DLP) tooling.
- Experience within the finance sector.