The Security Operations Analyst is instrumental in the implementation and day-to-day operation of R3’s Security Operations Centre (SOC) capability. Reporting to the Operations Security Lead, as part of a small team of information security specialists, you will ensure that the SOC supporting R3’s twin missions of enterprise software vendor and operator of the Corda Network and Corda Managed Services is appropriately designed, built, and operated to address the information risks faced by R3 as a cloud-native company. This is an exciting role, and not for the faint-hearted. You’ll be working to establish R3’s SOC capability from the outset, in terms of tool configuration and operation, as well as threat hunting and building automated detection procedures.
You’ll have a technical security background in financial services, telecoms or a critical infrastructure service provider, or perhaps an enterprise-scale end-user security department. You’ll have experience of threat hunting, most likely from working in a SOC. You’ll be used to working in environments with comprehensive security control environments, but have the insight to bring a risk-based approach to a fast-moving company with a start-up culture. This is an opportunity to help “write the book” on building the technical security controls to support enterprise distributed ledger technology and services.
Responsibilities (the Security Operations Analyst will… )
- Monitor alerts and investigate security events via a SIEM solution to identify suspicious activities; lead containment and prevention, and support recovery.
- Carry out, improve, and document procedures for threat hunting and investigation, security response, and security incident handling. Automate what can be automated, and hunt for what cannot.
- Build and run regular vulnerability scanning for R3 assets and infrastructure. Perform in-depth vulnerability assessments. Commission and support external penetration testing and red team-type activities.
- As part of the wider security team, implement preventative and detective technical security controls for R3’s cloud and on-premises infrastructure, including driving conformance to operating system and cloud environment benchmarks, network security controls, and consistent logging and alerting. These controls will be integrated into the wider R3 security control environment as the foundation for R3’s security operating capability.
- Work with the wider security team to prepare for, and undergo, external service auditor assessments of the security control environments which you help to develop. R3 is scheduled for SOC 2 assessment within the next year.
Qualifications (the must haves… )
- First and foremost we want you to love what you do. You’ll need to be a security evangelist within R3 and the community of Corda Network and Corda Managed Service participants, both current and future.
- You’ll have three or more years’ experience in an information security role. We’d love to see evidence of other experience too; you might have been a developer, systems administrator, network operations person, penetration tester or researcher in a previous life.
- We believe that we work better as a team. You’ll be working in a diverse team of people with a variety of skills and backgrounds, so a high level of emotional intelligence will be assumed. People skills are essential.
- You’ll need excellent communication skills, both verbal and written. You’ll be happy explaining the control environment that you have helped to develop to R3’s clients or service auditors.
- You’ll need strong hands-on experience of operating a SIEM solution. You will be practised in using a SIEM for threat hunting and subsequent security response.
- R3’s control environment is risk-driven; as a result, you’re going to need a pragmatic approach to the assessment and prioritisation of risk.
- You will have relevant experience of working in control environments for mission-critical service delivery. Financial services experience would be ideal, but experience in other areas such as telecoms or other critical infrastructure may also be a good fit.
- You’ll need experience of working in on-premises deployments and with at least one public cloud provider. Microsoft Azure is our platform of choice, but if you’re a strong AWS or GCP person and are still interested, so are we. You’ll understand the appropriate network security controls available in each environment and be able to specify and deploy those solutions as needed.
- You’ll have extensive Linux experience. You’ll need to have been deploying infrastructure as code in your previous role. We use Terraform and Ansible for this. We’d love it if you had direct experience of these, but we’re still interested if you’ve used other automated provisioning and configuration management tools.
- You’ll need a thorough, whole-stack understanding of internet networking, and the tools an attacker would use. You should be happy messing with all kinds of internet protocols. We don’t expect you to be developing new exploits for Corda or Conclave enterprise software, but if you have any to hand, we’d be very interested to hear about them.
- Hands-on experience of vulnerability assessment tools from Tenable, Qualys or Rapid7.
- You’ll need to be able to automate things. Working knowledge of at least one contemporary scripting language is essential. We won’t expect you to write in all languages, but you should be confident in reading at least Python, and either Shell script or PowerShell.
- Working knowledge of at least one modern query language is essential.
- You will have an appreciation of the variety of technical products available to R3 including endpoint security, identity and access management, network security controls (firewalls, VPN), and intrusion detection.
Qualifications (the nice to haves…)
- Exposure to Azure Sentinel, Azure Security Center, and Defender ATP would be particularly useful, however not essential.
- Relevant professional qualifications would be great. We have ISACA and ISC2 members already, so we’ll look favourably on professional certifications, so long as you can explain why they’re relevant. We’d love an OSCP on board, but SANS GIAC certifications are also good. You’ll need to demonstrate that any certifications you claim are valid and current (we will check).
- It would be great if you’ve an understanding of working in an ISO 27001 certified, or SOC 2 assessed organisation.
- Understanding of public key infrastructure would be very useful. We’d be particularly interested to hear from people who’ve worked in internal PKI teams or for commercial CAs.
- Experience with the management and protection of cryptographic key material, including the deployment and operation of on-premises HSMs, would be a plus.
- An engineering or science degree would be great, but appropriate career experience is just as important. Be prepared to tell us all about that experience.
How We’re Handling Covid-19
We are extremely grateful to continue to grow as a company during these unprecedented times. Our #1 priority is the health, safety, and wellbeing of our current and future R3’ers. We want to share with you what we’re doing and what you can expect throughout our interview and on-boarding processes.
Since March, most R3’ers have been working remotely, although we have opened some key office locations globally, with limited capacity for those who cannot work from home or need to come into the office.
As you go through the virtual interview process with us, please don’t worry if children or pets make a guest appearance. We understand these things happen; it’s real life after all! If we are fortunate enough to welcome you to the team, we’ll get a laptop couriered to you and get you set up virtually on your first day. We also provide you with a “Work From Home” allowance to enable you to purchase some equipment to be more comfortable and productive.
We Have And Will Continue To Take Steps To Ease Some Of The Burden For Our R3’ers
We understand that Work From Home (WFH) life can be challenging in many ways, so some of the additional support measures we have in place include:
- New Starter WFH allowance (as mentioned above) to get you set up to work productively at home
- Additional access to wellbeing resources (as well as the support provided as part of your Vitality Private Medical) including a year’s free subscription to the Headspace app and modules on our Lessonly training platform from MindGym (including Goal getting, Stress Busters and Virtual Work)
- We also have additional health and wellbeing resources available on our wiki pages when you join.
R3 may process the personal data collected or identified as being imported in accordance with R3’s Recruitment Privacy Policy. In particular, R3 will use the personal data provided for the purposes of processing your application for the role you have applied for, to assess your suitability for the role, and to enter into a contract with you if you are successfully brought onto the R3 team.