Threat Hunter - Technical Consultant, Cyber Defence Operations
About the opportunity
Department Description
The Global Cyber & Information Security function is a part of the Global Technology department. The Global Technology Group function provides IT services to the Fidelity International business. These include the development and support of business applications that underpin our revenue, operational, compliance, finance, legal, marketing and customer service functions. The broader organisation incorporates Infrastructure services that the firm relies on to operate on a day to day basis including data centre, networks, proximity services, security, voice, incident management and remediation.
Global Cyber & Information Security is made up of the following functions:
- Application Security
- Centralised Access Management
- Infrastructure Security
- Security Engineering and Architecture
- Security Application Support
- Cyber Defence Operations (CDO)
- Information Security (and the ISO function)
The Cyber Defence Operations function at Fidelity International is part of the Global Cyber & Information Security (GCIS) Group, reporting to the Head of Global Cyber & Information Security. Our mission is to develop an intelligence-led, proactive cyber security response to defend Fidelity and its assets from cyber threats, to reduce risk and business impact. We adopt an 'assumed breach' position using multiple in-depth capabilities for protection, detection and response along with established playbooks to enable rapid response when an event occurs.
Purpose of your role
The successful candidate will be experienced in security operations, understanding the value of hunting actions and how this can enhance a global detection capability. This is a critical role expected to build and maintain our threat hunting capability and help mature our monitoring and response processes.
The successful candidate will be comfortable working at a deep technical level, proactively suggesting detection logic whilst also being able to prioritise hunting based on multiple intelligence sources. The successful candidate will be able to demonstrate understanding of common detective security controls, experience in leveraging multiple sources to improve controls, an awareness of novel attack techniques and an understanding of how best to maintain a threat hunting programme. The role will be supported by a global team of detect and respond analysts and engineers who are looking to this role to provide them with high fidelity alerts and improvements. It will also be supported by a strong security leadership team who are keen to develop our hunting capability underpinned by our investment in leading security tooling. Our leadership team will be looking to this role to significantly increase our detection capability measured against common security frameworks.
Your skills and experience
Key Responsibilities
- Development and implementation of advanced analysis and search capability to identify potentially sophisticated APT and insider threat activities.
- Researching new and existing attack techniques and our ability to detect these techniques within the business.
- Work closely with the security engineering and threat intel team to develop advanced detection capability and improve overall efficiency of the SOC.
- Proactively investigate host, network and log-based security events
- Conduct Malware Analysis
- Advanced Host, Network, and Memory Forensics
- Research new attack techniques to uncover innovative detection capabilities
Experience and Qualifications
- Experience and strong understanding of frontline security operations
- Competent in scripting languages required for automation, e.g. KQL, C, C++, Java, Python, etc.
- Experience creating or continually improving a hunting program
- Some reporting ability, with an understanding of how to tailor reports to show detection improvements
- Understanding of modern security attack techniques and how best to detect them
- Understanding of how raw security data can flow between technologies and be manipulated to provide useful security information.
- Experience in cloud environments would be desirable
- Strong communication skills with evidence of being in a position responsible for providing input into other teams and turning this into measurable improvements.
- Banking or Finance industry related experience desirable
Soft skills
- Analytical skills
- Challenge the current processes
- Passion for the cybersecurity field
- Time management
- Able to organize others
Nice to have
- At least 2 years of experience working in a SOC or Incident Response position.
- Knowledge of or experience working with security (SIEM, NetFlow, IDS/IPS, Anti-Virus)
- Experience explaining the risk of security threats and creating mitigations.
- Experience of general IT infrastructure technologies and principles.
- Understanding of the underlying protocols including: HTTP, HTTPS, SMTP, SQL.
- Understanding of Networking Architecture (OSI Model).
- Experience using data science or advanced analytical tools.
About you
- Experience dealing with security frameworks such as NIST and MITRE
- Nice to Have Certifications - Security+, Network+, GCIA, GCIH, GCFA, GMON, GNFA, SSCP, OSCP
About Fidelity International
Fidelity International offers investment solutions and services and retirement expertise to more than 2.5 million customers globally. As a privately held, purpose-driven company with a 50-year heritage, we think generationally and invest for the long term. Operating in more than 25 countries and with $739.9 billion in total assets, our clients range from central banks, sovereign wealth funds, large corporates, financial institutions, insurers and wealth managers, to private individuals.
Our Workplace & Personal Financial Health business provides individuals, advisers and employers with access to world-class investment choices, third-party solutions, administration services and pension guidance. Together with our Investment Solutions & Services business, we invest $567 billion on behalf of our clients. By combining our asset management expertise with our solutions for workplace and personal investing, we work together to build better financial futures.
Our clients come from all walks of life and so do we. We are proud of our inclusive culture and encourage applications from the widest mix of talent, whatever your age, gender, ethnicity, sexual orientation, gender identity, social background and more.
As a flexible employer, we trust our people to perform their role in the way that works best for them, our clients and our business. We are a disability-friendly company and would welcome a conversation with you if you feel you might benefit from any reasonable adjustments to perform to the best of your ability during the recruitment process and beyond. Data as at 31 March 2021. Read more at https://www.fidelityinternational.com/
Applying to this Job Role: Please note you are only required to upload your CV/Resume to the application screen.