What will you be doing?
This role will be a 24x7x365 analyst position Shifted pattern within our Joint Operations Centre in Pune, part of a globally distributed operational team that performs the following mission-critical functions :
1st / 2nd line analysis, triage and escalation of security events within the SIEM, through to escalation and remediation of detected security incidents.
Coordinate and support remediation activities within scope. Understand when to escalate events and to whom; Track and report security incidents to remediate and drive closure.
Utilise existing processes and technologies in place, to detect, respond and prevent malicious electronic attacks to Barclays’ networks and network estate;
provide guidance to identify attacks, attacker’s suitable mitigation techniques.
1st line point of contact, providing command, control and reporting support to Major Incident Management teams for all security incidents.
Interprets, analyses and reports all events and anomalies in accordance with cyber security related directives, including initiating, responding and reporting discovered event.
Analysis of Intelligence information to ensure enhanced detection, as well as improvement of functional capability.
Help deliver, technical detection and response programs and initiatives; leveraging previous experience, methods & tools to provide value for the organization through risk reduction.
Support identification, enhancement, improvement and delivery of monitoring and response methods and processes, to reduce risk to the Organisation.
What we’re looking for :
Proficiency in SIEM technologies & usability in a Large & Complex Computing Environment.
Analysis and response of detected security incidents, timely escalation and drive to ensure the closure of incidents.
Incident Response skills including proficiency in PCAP Capture, Network Analysis, and Traffic Patterns.
Identify attacks and malware (Trojans, Ransomware, etc.) analysing event data generated from proxy, endpoints, IDS, MPS, network devices etc.
Skills that will help you in the role :
Proficiency of Operating System fundamentals and OS Security (Windows & Linux);
Proficiency in Networking Principles, Protocols, & Practices;
Understanding of traditional ITIL concepts Incident, Change and Problem management;
Understanding of Cloud Security Principles (AWS / Google / Azure)
Understanding of Open Source network analysis tools, and Open-source intelligence tools (OSINT).
In-depth knowledge of the Cyber Kill-Chain, Intelligence-driven defence and security architectures.
Ability to help write concise reports based on complex data with accuracy, brevity, and speed.
Understanding of Ethical Hacking from the perspective of a Blue-team member; the countermeasures and mitigation controls which can be implemented to minimise the threat landscape and risk to an organisation.
Appreciation of End Point security products including firewalls, Anti-virus and network access control.
Appreciation for programme and project management methodologies.
Experience delivering technical detection and response programs and initiatives is also desirable.
Active SANS certifications in the areas of network, incident handling, malware and forensic analysis (GREM, GCIA, GCFA, GCIH) are desirable, but not essential.
Strong working knowledge of Splunk and the Splunk Query Language.
Understanding and experience of reverse-engineering malware would also be beneficial, but is not essential.
A good technical understanding of the threats against the financial industry from both the physical and Cyber threat domains
Proficiency in Phishing Threat Types (Targeted Spear, Broad-based SPAM, Targeted Industry, Whaling, etc.)
Where will you be working?