Job Description
This role is responsible for the collection and analysis of security event data, the management of security alerts, and the response to and investigation of security incidents. At a high level, the role is responsible for the monitoring aspects of the Security Operations Centre (SOC) Target Operating Model (TOM).
- Collecting and analysing security event data arising from activity across the organisation.
- Tuning and improving the rules that generate security alerts, and following up by investigating indicators of potentially malicious activity, escalating incidents, or initiating responses.
- Managing the response procedures and investigations of security events or incidents.
- Containing and remediating those incidents, and identifying potential process improvements.
- Maintaining organisational readiness through preparedness exercises and co-ordinating red team activity.
- Advising product and service owners of potential mitigations.
Responsibilities
- Manage the implementation of the DBT monitoring policy.
- Support the management of the SOC TOM, policies, and standards to govern all activities and outputs.
- Manage the monitoring, triage, and investigation of security alerts on protective monitoring platforms to identify security incidents, and review the analysis of security event data to manage security incident response, reporting, or escalation where appropriate.
- Produce thorough documentation on complex incidents focussing on the improvements that can be made to processes, playbooks and tooling.
- Lead small monitoring teams in the design, development, and enablement of automated monitoring processes, recommending and implementing the latest SIEM (Security Information and Event Management) and network analysis tools, techniques, and procedures to detect malicious activity and ensure continuous improvement through dashboard monitoring or retrospective assessment.
- Manage DBT’s response policies and processes so that they meet the organisation's needs in line with appropriate standards.
- Manage incident response exercises and scoping, design and governance of red-teaming and threat-hunting activity in collaboration with the Threat Hunter.
- Communicate the significance of the results of investigations and risk mitigation outcomes, guiding the organisation in the improvement and maintenance of a robust response to new threats and attack vectors.
- Manage post-incident reviews, including root cause analysis, and feed the findings back to improve monitoring.
- Provide specialist, tailored advice on mitigation, handling escalations with risk and service owners as appropriate.
- Line management/mentorship of Junior SOC Analysts.
This role is available in seven UK locations and can only be worked from within the UK, not overseas. Most DBT employees work a hybrid pattern, spending 2-3 days a week (pro rata) in the office on average. Changes to these working arrangements are available in certain circumstances, must be agreed with the vacancy manager in line with the requirements of the role, and can only be discussed with successful candidates. Travel to your primary office location will not be paid for by DBT, but costs for travel to an office which is not your main location will be covered.
Find out about life at DBT and our benefits, and meet the team, by watching our recruitment video, visiting our website or reading our blog!