Cyber Threat Operations and Defence Analyst
Location: Greater London
Job Type: Full time
Are you part of the blue team? experienced in Cyber Threat response? do you have what it takes to spot and chase actors? If you do then Join Macquarie’s Cyber Threat Incident Response (CTIR) team based in our London office as a Cyber Threat Defence Analyst.
You will be working alongside a diverse team in multiple offices around the globe and be responsible for detecting, identifying, triaging, and mitigating threats and risks in our global cyber environment. You will also act to ensure that Macquarie’s digital estate is protected from threats both known and unknown.
Using your attention to detail and data driven approach you will act as an expert for the CTIR function to provide leadership, focus, and accountability for CTIR activities.
Your understanding of cyber threat as a function of human motivation, combined with your experience in actively detecting and defending against that threat utilizing a combination of standard cyber tools and your own system/platform/network knowledge, will be highly beneficial in this role alongside your similarly skilled and experienced peers.
What is the job?
- Triage active alerts and campaigns for potential systemic threats to our global business
- Proactively seek out suspicious activity and threats within the environment, act appropriately to contain and mitigate them
- Perform real-time detection, analysis, and response to threats via an EDR tool
- Analyze latest malware discoveries/shifts to understand how/if it would be effective in the environment
- Create new alerts and investigation methods in relation to the ever-changing threat landscape
- Analyze attacks and trends facing the organization and industry to better define proactive defensive measures
- Investigate threat actor activity and discover their infrastructure, motivations, and potential future actions
- Take proactive actions to have observed brand impersonating and malicious sites removed
- Discover internal security concerns and raise findings with the appropriate internal teams
- Review processes, defence plane, technologies, and alerts in search of improvement
To be successful in this role you must have a proven track record of security or operational experience in large enterprise environments, as well as operational experience across Windows, UNIX, networking and hosting domains. Experience and a strong understanding of security technology and defence topologies are imperative to be successful in this role
What the ideal candidate should know/have experience with:
- Splunk or other large log aggregation system
- An Endpoint detection and response (EDR) platform
- A Security Orchestration, Automation, and Response platform (SOAR)
- How to chase actors beyond these tools
- Analyzing Emails (e.g reading and understanding email headers, infrastructure)
- Knowledge and experience decoding and deciphering malicious code
- Familiarity with various network and cloud architectures
- Identity and Access Management (IAM)
- User and Entity Behavior Analytics (UBA/UEBA)
It would be beneficial but not essential if you had
- Scripting language understanding (Python, Powershell, etc.)
- Malware analysis (manual, static, and dynamic)
- Familiarity with the MITRE Attack framework
About the Corporate Operations Group
The Corporate Operations Group brings together specialist support services in Digital Transformation & Data, Technology, Operations, Human Resources, Business Services, Business Improvement & Strategy, and the Macquarie Group Foundation. We deliver service excellence to ensure Macquarie is open for business, deliver on transformational change, invest in our people and have deep relationships with our customers.
Our commitment to Diversity, Equity and Inclusion
The diversity of our people is one of our greatest strengths. An inclusive and equitable workplace enables us to embrace that diversity to deliver more innovative and sustainable solutions for our people, clients, shareholders and communities. At Macquarie, you'll be encouraged to be yourself and supported to perform at your best. If you're inspired to deliver on our purpose of ‘empowering people to innovate and invest for a better future’, we want you on our team. If you need adjustments made to the recruitment process, please reach out to your recruiter.
As an inclusive employer, Macquarie does not discriminate on the grounds of age, disability, sex, sexual orientation, gender identity or expression, marriage, civil partnership, pregnancy, maternity, race (including colour and ethnic or national origins), religion or belief.
Joining Macquarie means you’ll be able to work in a way that suits you best. With the right technology, support and resources, our people can work in a range of flexible ways. Talk to us about what working arrangements would help you thrive.