The successful candidate will be experienced in security operations and will understand the importance of data loss controls, insider risk policies and automated security actions, how they protect sensitive business data, and how they can enhance an analyst's response to events. This is a critical role, expected to build and maintain our data loss and insider risk controls portfolio and to help mature our monitoring and response processes. The successful candidate will be comfortable working at a technical level, proactively suggesting, designing and implementing data loss policies and improvements to the existing controls, whilst also being able to prioritise backlog engineering work (mainly sourced from our false positive detection). They will also demonstrate the integration of data loss and insider risk tools with SIEM and SOAR platforms, understand insider risk analysts' workloads, and have experience in simplifying and automating security actions. The role will be supported by a strong security leadership team who are keen to develop our controls, underpinned by our investment in leading security tooling. Our leadership team will be looking to this role to significantly decrease our time to respond and to reduce false positives, which are key KPIs for us.
Key Responsibilities
Ensure data loss controls are kept up to date, analysing and utilising new tool features as they are released
Research and propose the data loss controls for various channels
Engineer and implement the data loss controls to support protecting data
Focus on integrations with SIEM and SOAR solutions to gain visibility of controls and to design automation
Work as part of a global insider risk team to deliver solutions that reduce manual dependencies in the workload
Proactively identify policy fine-tuning opportunities from Business As Usual (BAU) activities
Focus on quick wins that can immediately help free up analyst time
Create regular workshops to obtain suggestions and demonstrate improvements and provide regular training to the team on newly implemented controls
Ensure our security controls are integrated with each other, sharing information rather than operating as siloed controls
Work with other security teams to look at how we can use their data to enhance our own monitoring
Experience and Qualifications
Experience and strong understanding of frontline security operations
Experience in designing and implementing data loss controls in industry-known tools (e.g. Microsoft Purview, Proofpoint)
Competent in the scripting languages required for automation, e.g. KQL, Regex, PowerShell, Python, etc.
Experience working on integrations with a SIEM platform and workflows on a SOAR platform
Reporting ability, with an understanding of how to tailor reports to show capacity and efficiency improvements
Understanding of how business data can be exfiltrated outside the enterprise, how it flows between technologies, and how it can be manipulated to provide useful security information.
Experience in Microsoft Purview, Compliance Manager and Security Manager
Strong communication skills with evidence of being in a position responsible for taking feedback from technical teams and turning this into improvements.
Banking or Finance industry related experience desirable
Data Loss tools certifications preferred
Soft Skills
Analytical skills
Challenge the current processes
Team player
Time management
Your Skills and Experience
At least 3 years of experience working in a SOC or Incident Response position.
At least 1 year of experience in Microsoft Compliance Manager
Knowledge of or experience working with security tooling (SIEM, DLP, SOAR)
Experience explaining the risk of security threats and creating mitigations.
Experience of general IT infrastructure technologies and principles.
Understanding of the underlying protocols including HTTP, HTTPS, SMTP.
Understanding of Networking Architecture (OSI Model).
Experience using data science or advanced analytical tools to solve security incidents.
Programming experience (PowerShell, RegEx)
Nice to Have
Experience dealing with security incidents using the NIST and MITRE ATT&CK frameworks.
Nice to Have Certifications - Microsoft SC-400, SC-900, Security, GCIH, GCFA, GMON, GNFA, SSCP, OSCP
Experience with the ServiceNow Security Operations module