Security Operations Centre Shift Lead

Euroclear


Job Location: Kraków - Poland

Monthly Salary: Not Disclosed
Posted on: Yesterday
Vacancies: 1 Vacancy

Job Summary

Description

Division: CISO
The Cyber Defense Centre (CDC) is part of the Chief Information Security Officer Office. The main responsibility of the team is to reduce the risk of Euroclear's cyber threat surface by monitoring for malicious intent targeted at Euroclear's services, its supporting assets and people. We do this through the Cyber Threat Management (CTM) capabilities, the Security Operations Centre (SOC) and the Cyber Incident & Response Team (CIRT). This includes cyber threat intelligence, vulnerability management, penetration testing, brand and digital footprint monitoring, security incident and event monitoring, cyber analytics, incident management and forensic analysis.
CDC supports capabilities within the security domain and acts as subject matter expert across all divisions in the company, as well as interacting with external stakeholders including customers, oversight bodies, threat intelligence providers and third parties.
The Security Operations Centre (SOC) houses the information security team responsible for monitoring and analysing an organization's security posture on an ongoing basis. The SOC team's goal is to provide 24x7x365 capabilities to detect, analyse and respond to cybersecurity incidents using a combination of technology solutions and a strong set of processes. The SOC staff works closely with the Cyber Incident Response Team (CIRT) to ensure security issues are addressed quickly upon discovery.
The SOC monitors and analyses activity on networks, servers, endpoints, databases, applications, websites and other systems, looking for anomalous activity that could be indicative of a security incident or compromise.

Responsibilities & duties

  • First point of escalation for the Tier 1.
  • Hunting for suspicious or anomalous activity based on alerts or data outputs from various toolsets.
  • Review and build new operational processes and procedures. Review the automated process workflows and provide feedback for updates/enhancements.
  • Triage and investigation of advanced vector attacks such as botnets and advanced persistent threats (APTs).
  • Advise on the tuning of IDS, proxy policy and in-line malware tools based on threat feeds, trust and reputation data, incidents, or vulnerabilities and exploits of downstream systems.
  • Provide use case creation/tuning recommendations to the Security Intelligence Analyst based on findings during investigations or threat information reviews.
  • Support the creation and maintenance of a knowledge base.
  • Provide training and knowledge-sharing sessions to the SOC team; mentor the Tier 1 team.
  • Support the Service Delivery Manager with reporting.

Qualifications required

  • 3 years' prior experience in a similar position
  • Experience of network security zones, firewall configurations and IDS policies
  • In-depth knowledge of TCP/IP
  • Knowledge of systems communications from OSI Layer 1 to 7
  • Experience with systems administration, middleware and application administration
  • Experience with Network and Network Security tools administration
  • Knowledge of log formats and the ability to aggregate and parse log data (syslog, HTTP logs, DB logs) for investigation purposes
  • Ability to define and execute a containment strategy
  • Good knowledge of threat areas and common attack vectors (MITRE ATT&CK)

Nice to have:

  • Splunk and XSOAR experience
  • Experience with log search tools such as Splunk, including the use of regular expressions and natural language queries
  • Knowledge of encryption and cryptography
  • Previous experience in the financial industry
  • Scripting (automation) and familiarity with Cloud (AWS/Azure)



About Company

Why join us? Embark on your new adventure at Euroclear, and work at the heart of the global capital markets. We connect over 2,000 financial institutions across the globe. As an open and resilient infrastructure, we contribute to the stability of the financial markets. We help clients ...
