Cyber Threat Specialist (Blue Team)
Shift Pattern:
Standard 40 Hour Week (United Kingdom)
Scheduled Weekly Hours:
40
Corporate Grade:
E - Associate
Reporting Line:
(UK Division) Information Technology
Location:
UK-London
Worker Type:
Permanent
Overall Purpose of Role
The Cyber Threat Specialist works in the Threat Detection & Response Team, which focuses on defensive cyber security services for the LME and LME Clear. Working closely with peers within the Information Security function and stakeholders across the wider group, they will define and deliver a modern and effective defensive cyber security capability.
The role will primarily focus on defensive security disciplines (detection engineering, incident handling, investigation and forensics, SOAR automation, threat hunting, threat intelligence). The successful candidate should have a minimum of 3 years of experience in hands-on defensive security operations and up-to-date knowledge of attacker TTPs. The successful candidate will work closely with IT Engineering, Security Engineering and Infrastructure teams to ensure that security controls are effectively implemented and maintained across the LME's platforms.
Key Responsibilities
Detection Engineering
- Design, implement and validate high-fidelity detection and response rules.
- Lead the testing of rules against detection frameworks and support the continuous optimisation and recertification of existing detection content.
Incident Response
- Lead and/or support investigations across host, identity, email, SaaS and cloud workloads.
- Support forensic and investigation work as needed including malware analysis.
- Participate in on-call duties and after-hours support for incident escalations.
Security Engineering & Automation
- Assist in the deployment and maintenance of security tools and platforms (e.g. DLP, E-Mail Security, Endpoint Protection, SIEM, SOAR, WAF).
- Develop and support the automation of security tool configuration and updates using scripting (e.g. Bash, Python, PowerShell).
Threat Hunting
- Lead threat hunting exercises based on defined threat models and specific attack scenarios.
- Perform analysis of existing data to identify anomalous patterns and convert findings into new detections / control enhancements.
- Participate in Blue/Purple/Red Team testing, identifying gaps/weaknesses in monitoring capabilities, and recommend/implement changes.
Threat Intelligence
- Operationalise threat intel (ISACs, OSINT) into detections, hunts and control enhancements.
- Review emerging threat intelligence and produce concise advisories as needed.
- Stay up to date with current and emerging trends that represent a threat to the LME.
Threat Triage
- Escalation point for junior analysts to ensure timely triage of alerts from the SIEM/SOAR platform.
- Support the MSSP by maintaining and improving triage runbooks to help reduce MTTD/MTTR.
Qualifications Required
- University degree in Computer Science, Information Management or a related field, or equivalent experience.
- Desirable: One of, or similar to, the following professional qualifications: GIAC (GCIA, GCDA, GCFA, GCIH, GSOC, etc.), Microsoft (SC-200, AZ-500), Security Blue Team (BTL2).
- Desirable: Demonstrable activity on GitHub showing code / tools development.
Required Knowledge and Experience
Minimum of 3 years hands-on experience in at least two of: detection engineering, incident response, security engineering, threat hunting, threat intelligence; exposure to the rest.
Excellent hands-on experience in / understanding of:
- Security tooling (e.g. EDR, DLP, SIEM, SOAR).
- Threat investigation and incident response.
- MITRE ATT&CK, the cyber kill chain and common attacker tradecraft.
- Offensive tooling (e.g. Kali, Cobalt Strike, Metasploit, BloodHound, Mimikatz).
- Networking and security protocols (TCP/IP, HTTPS, DNS, firewalls, proxies).
- Operating systems (Windows, Linux/Unix, Kubernetes).
- Scripting or programming (Bash, Python, PowerShell).
- CI/CD tools and cloud platforms (e.g. Ansible Tower, Bitbucket Pipelines, Azure).
- Secure network architectures and technologies.
Personal Qualities
- Curiosity about emerging threats and technologies.
- Ability to assess and prioritise tasks/risks.
- Excellent attention to detail.
- Strong analytical and problem-solving skills.
- Effective communicator with good documentation habits.
- Team-oriented, proactive and adaptable in a fast-paced environment.
- Willingness to learn and grow within a critical infrastructure environment.
- Commitment to continuous learning.
The LME is committed to creating a diverse environment and is proud to be an equal opportunity employer. In recruiting for our teams we welcome the unique contributions that you can bring in terms of education, ethnicity, race, sex, gender identity, expression and reassignment, nation of origin, age, languages spoken, colour, religion, disability and sexual orientation, and in doing so we want every LME employee to feel our commitment to showing respect for all and encouraging open collaboration and communication.