LSEG Security Operations is a central function employing people, process and technology to continuously monitor and respond to cyber security incidents. Security Operations spans multiple domains including cyber threat intelligence, cyber threat detection, data loss prevention and cyber incident response.
This role is a GSOC L3 Analyst for the Global Security Operations Centre (GSOC). The role is responsible for identifying and responding to cyber security incidents and enhancing the defensive capabilities of the GSOC.
- Serve as a focal technical lead on cyber security events and incidents.
- Provide technical, hands-on incident investigation and support, and serve as a primary point of contact with management.
- Conduct complex digital forensics and advanced malware analysis investigations.
- Preserve, harvest and analyse data from computer systems including desktops, servers (virtual/physical) and mobiles.
- Manage the chain of custody for all evidence collected during incidents, security, and forensic investigations.
- Build and enhance defensive capabilities using monitoring technologies including SIEM and EDR.
- Perform proactive threat hunting to identify cyber threats.
- Train level 2 incident responders in the steps to take to investigate and resolve computer security incidents.
- Experience performing complex digital forensic and incident response investigations, preferably backed with industry recognised certifications.
- Deep knowledge of common operating systems (e.g. macOS, Windows, Unix, Linux) and their associated file systems.
- Proficient with industry-standard incident response toolsets such as EnCase, X-Ways, FTK and Volatility.
- Knowledge of cloud technologies and cloud infrastructures such as AWS, GCP, Azure, O365.
- Experience with conducting log analysis across different components of a typical organisation estate (e.g. OS, network, cloud).
- Deep understanding of advanced cyber adversary tools, techniques and procedures.
- Strong understanding of Security Operations Centre (SOC) practices, processes and procedures.
- Incident response process and procedures including common frameworks (e.g. NIST, SANS).
- Automating and refining incident response procedures/playbooks to maximise SOC efficiencies.
- Policies, standards and security frameworks (e.g. NIST, CIS).
- Digital forensics/incident response certification(s) such as SANS, CREST or equivalent.
- Competent with one or more programming languages (e.g. Python, PowerShell, Java, C#).