Job Title: Associate Security Operations Analyst
IG's Security Operations team (SOC) is responsible for managing security-related events within IG. The goals of the team are to ensure that security incidents adversely affecting the business are quickly diagnosed, workarounds are determined, proper root cause analysis is performed, and actions are taken to prevent the issue from recurring.
The Security Operations function is a vital piece of the organization ensuring company information and systems are protected from unauthorized access, disruption, modification, or destruction. This is accomplished using various operational security controls, processes, and policies.
Core functions include:
Monitor a wide variety of security tools directly and via the SIEM as necessary to detect cyber attacks and other unauthorized activity.
Assist with the creation and refinement of security monitoring rules, techniques, and processes.
Gather data and perform the initial analysis for newly discovered security incidents, classifying and triaging them as appropriate.
Investigate and resolve security incidents both independently and in collaboration with the wider SOC team.
Ensure accurate logs are made of all actions during incident response activities and produce a final report detailing the incident timeline when required.
Actively participate in post-incident process improvement and reporting activities.
Security Policy Review and Maintenance
Perform regular reviews and audits of technical security controls, including firewall policies, DLP policies, Active Directory permissions, and SIEM log collection.
Help meet company compliance requirements by supporting internal and external audits, risk assessments, and reviews.
Implement requests for exceptions and whitelisting in security controls (such as firewalls, web proxies, DLP, etc.).
Desirable Skills and Attributes:
This is an entry-level role, and therefore candidates are expected to meet some but not necessarily all the requirements below. Successful candidates will demonstrate an independent and self-motivated approach to learning cybersecurity skills and topics, and missing skills will be gained over time through experience and training.
Previous security and/or IT experience is desirable but not required. Freshers are also welcome to apply.
A basic understanding of, and aptitude for learning, technical IT concepts is required.
Knowledge or experience with enterprise IT, including:
Windows and Linux operating systems and system administration
Networking, including TCP/IP and other common protocols
Microsoft Active Directory
Command-line interfaces, scripting, and programming
Understand the purpose and basic functioning of common technical security products, such as firewalls, anti-virus, web proxies, SIEM, IDS/IPS, DLP, and EDR.
Basic familiarity with vulnerability scanning and penetration testing tools and techniques.
Strong ability to focus and complete detailed tasks with a high degree of accuracy.
Able to communicate complex information clearly and logically, both verbally and in writing.
Proficient with MS Office for general collaboration, communication, and reporting.
Previous experience with a SIEM or other SOC tools.
Experience with network forensic tools, such as network sniffers and protocol analysers.
Experience of working in a multi-national organisation.
Experience of working in the finance or technology sectors.
Interest in financial products, trading, or investments.
A university degree in one of the following fields is preferred (but relevant experience may substitute):
Cyber / Information Security, Digital Forensics, Ethical Hacking
Computer Science, Network Engineering
Other desirable certifications include:
CEH, Security+, Network+, CySA+
Vendor certifications for Microsoft, Linux, cloud, networking or security products
The position is for a 24/7 rotational shift.
Number of openings: 8