Senior Information Security Engineer at CapitalSage Technology Limited

• The Senior Information Security Engineer is responsible for developing and implementing security solutions to protect the organization's IT infrastructure, data, and systems.
• The ideal candidate will have a strong understanding of cybersecurity best practices and a proven track record of success in implementing and managing security solutions.
• The Senior Information Security Engineer will manage SIEM content, and monitor and detect cyber security threats & incidents.
• The ideal candidate is highly motivated, intellectually curious, and analytical. The role requires a blend of cybersecurity experience and highly developed communication skills.
• The purpose of this role is to enhance security monitoring tooling, detections, and incident response capabilities using SIEM solutions to provide a single view of the environment.

Responsibilities

• Develop and implement security strategies and plans
• Manage and maintain security infrastructure
• Conduct security risk assessments and audits
• Investigate and respond to security incidents
• Train and educate employees on security best practices
• Stay up-to-date on the latest security threats and trends
• Work closely with the Engineering, Application Support, Cloud Support, and various Business Teams to improve existing security monitoring and deliver resilient and comprehensive security solutions
• Onboard data to the required standards, maintain and tune log sources, data contents, and use cases
• Provide evidence of compliance for our audited environments (including PCI, ISO27001, ISAE3000, etc)
• Define how logs should be parsed and ingested for best practice
• Engage with other teams to ensure that the SIEM is performing to standard with all necessary logging sources monitored
• Analyse, design, and deliver solutions to detect and stop adversaries
• Propose additional Security Monitoring Use Cases
• Define thresholds and baselines to aggregate similar events then write correlation rules
• Ensure SIEM technologies are integrated & utilized to protect cyber-related assets
• Support the operation of the comprehensive SIEM platform
• Analyse SOC alert statistics and workflows to reduce false positives and increase fidelity.
• Manage and improve SIEM infrastructure to improve detection flexibility and reliability.
• Build pipelines to enrich logs and alert results to provide a comprehensive view for SOC analysts.
• Research new security technologies
• Support relationships with 3rd party vendors to enhance monitoring
• Contribute to requirements for other security (and allied) technologies such as Endpoint/Network Detection & Response, Intrusion Detection/Prevention, Web Proxies, et

Requirements

• Bachelor's degree in computer science, information security, or a related field
• 5+ years of experience in cybersecurity
• Strong understanding of cybersecurity best practices
• Proven track record of success in implementing and managing security solutions
• Excellent communication and interpersonal skills
• Ability to work independently and as part of a team
• Senior-level experience within a logging and monitoring function, with functional knowledge of a Security Operations Centre, preferably within a Regulated Financial Services business
• Familiar with different log onboarding techniques in Splunk including Syslog, HTTP event, Universal Forwarder, DB Connect, and API queries
• Has the ability to write SPL and use and populate data models
• Previous experience in an audited environment complying with common regulation standards
• Experience with other common Security Monitoring Technologies
• Knowledge of global security and reporting standards such as NIST and MITRE
• Common cloud-based platform technology experience is beneficial
• Delivery mindset supported by the ability to execute in a complex technical environment
• Experience collaborating cross-functionally to identify and implement best practice security, logging, and monitoring processes
• Strong interpersonal skills, including good communication with the ability to articulate ideas in a precise and concise manner
• CISSP, GIAC certifications, or equivalent
• Familiarity with Indicators of Compromise (IoCs), Indicators of Attack (IoAs), ATT&CK Tools, Techniques and Procedures (TTPs)
• Strong interpersonal skills, including good communication with the ability to articulate ideas in a precise and concise manner
• The ideal candidate is a technically inclined and experienced security specialist who enjoys working in a fast-paced collaborative team environment
• Flexible to provide on-call support 24/7 in the future if required