Technical Analyst - Cyber Defense Operations

Job Description

About the opportunityDepartment DescriptionThe Cybersecurity function is a part of the Global Business Solutions Risk (GBS) & Cybersecurity department, within the GBS group. The GBS Group function provides IT services to the Fidelity International business, globally. These include the development and support of business applications that underpin our revenue, operational, compliance, finance, legal, marketing and customer service functions. The broader organisation incorporates Infrastructure services that the firm relies on to operate on a day to day basis including data centre, networks, proximity services, security, voice, incident management and remediation.GBS Risk & Cybersecurity is responsible for:Cybersecurity: Protecting the Technology Environment from internal and external security threats,Application Security (through secure coding practices, penetration testing, and developer training)Centralised Access Management working to principles of least privilege, access appropriate to role, and Role Based Access ControlInfrastructure SecuritySecurity Engineering and ArchitectureSecurity Application SupportCyber Defence Operations (CDO)Information Security Risk ManagementTechnology Risk and Audit Management,Technology Service ContinuityPurpose of the RoleThe Cyber Defence Operations team has a requirement for day-to-day management of security tools used to respond to malware and other security related incidents. The technologies include, but are not limited to, Advanced malware detection, DDoS, IPS, anti-spam, threat intelligence and logging/analytics capabilities. The ideal candidate has experience of not only using a wide range of technologies to respond to security events, but also supporting ongoing maintenance of the tools.Key ResponsibilitiesSecurity toolsConduct research, analysis, and correlation across a wide variety of all source data sets (e.g., indications and warnings)Use provided tools to perform continual monitoring and analysis of system activity to identify malicious activity and configure mitigationsCoordinate with other departments to manage and administer the updating of rules and signatures (e.g. intrusion detection/protection systems, anti-virus, and content blacklists) for specialized applications.Coordinate with enterprise-wide Networks teams to validate network alertsEmploy approved defence-in-depth principles and practices (e.g., defence-in-multiple places, layered defences, security robustness)Recommend computing environment vulnerability correctionsIdentity and correct inconsistencies or complications in processTriage events including malicious activity and incidents of concernAnalyse identified malicious activity to determine weaknesses exploited, exploitation methods, and effects on system and informationReceive and analyse network alerts from various sources within the enterprise and determine possible causes of such alertsAssist in determining appropriate course of action in response to identified and analysed anomalous network activityAnalyse network traffic to identify anomalous activity and potential threats to network resourcesDocument and escalate incidents (including event s history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environmentProvide timely detection, identification, and alerts of possible attacks/intrusions, anomalous activities, and misuse activities, and distinguish these incidents and events from benign activitiesPerform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attackReporting, monitoring & supportIdentify potential conflicts with implementation of any tools within CDO area of responsibility (e.g., tool/signature testing and optimization)Provide summary reports of network events and activity relevant to CDOPerform trend analysis and reportingMonitor external data sources (e.g. vendor sites, Computer Emergency Response Teams, SANS, Open Source and Private feeds) to maintain currency of threat condition and determine which security issues may have an impact on the enterpriseSupport weekly reporting activities on a rotational basis for the CDO functionExperience and Qualifications RequiredExperience and strong understanding of frontline security operationsUnderstanding of modern security attack techniques and how best to detect themUnderstanding of how raw security data can flow between technologies and be manipulated to provide useful security detetction information.Experience in cloud environments would be desirableStrong communication skills with evidence of being in a position responsible for providing input into other teams and turning this into measurable improvements.Banking or Finance industry related experience desirableSoft skills
• Analytical skills
• Challenge the current processes
• Passion for the cybersecurity field
• Time management
• Able to organize others
Your skills and experience
• At least 2 years of experience working in a SOC or Incident Response position.
• Knowledge of or experience working with security (SIEM, NetFlow, IDS/IPS, Anti-Virus)
• Experience explaining the risk of security threats and creating mitigations.
• Experience of general IT infrastructure technologies and principles.
• Understanding of the underlying protocols including: HTTP, HTTPS, SMTP, SQL.
• Understanding of Networking Architecture (OSI Model).
• Experience using data science or advance analytical tool.
• Programming experience (PowerShell, Bash, Python, JavaScript)
Nice to have
• Experience dealing with security frameworks such as NIST and MITRE
• Nice to Have Certifications - Security, Network, GCIA, GCIH, GCFA, GMON, GNFA, SSCP, OSCP
About you About Fidelity InternationalFidelity International offers investment solutions and services and retirement expertise to more than 2.5 million customers globally. As a privately held, purpose-driven company with a 50-year heritage, we think generationally and invest for the long term. Operating in more than 25 countries and with $739.9 billion in total assets, our clients range from central banks, sovereign wealth funds, large corporates, financial institutions, insurers and wealth managers, to private individuals.Our Workplace & Personal Financial Health business provides individuals, advisers and employers with access to world-class investment choices, third-party solutions, administration services and pension guidance. Together with our Investment Solutions & Services business, we invest $567 billion on behalf of our clients. By combining our asset management expertise with our solutions for workplace and personal investing, we work together to build better financial futures.Our clients come from all walks of life and so do we. We are proud of our inclusive culture and encourage applications from the widest mix of talent, whatever your age, gender, ethnicity, sexual orientation, gender identity, social background and more.As a flexible employer, we trust our people to perform their role in the way that works best for them, our clients and our business. We are a disability-friendly company and would welcome a conversation with you if you feel you might benefit from any reasonable adjustments to perform to the best of your ability during the recruitment process and beyond. Data as at 31 March 2021. Read more at https://www.fidelityinternational.com/Applying to this Job Role: Please note you are only required to upload your CV/Resume to the application screen.,

Keyskills :
sqlenvironmenttroubleshootingit servicesjavaunified threat managementdata centeropen sourcesql serveraudit managementasset managementdata sciencesecure coding