Senior Security Monitoring and Response Analyst

MasterCard

Dunstable

On-site

GBP 50,000 - 90,000

Full time

10 days ago

Job summary

An established industry player is seeking a Senior Security Monitoring and Response Analyst to enhance their insider threat and data loss prevention capabilities. This role involves operating and evolving response plans, monitoring key technologies, and engaging with compliance and HR functions to ensure the security of information assets. You will contribute to an intelligence-led approach to mitigate risks and improve business processes. If you have a passion for security and a background in insider threat management, this is an exciting opportunity to make a significant impact in a collaborative environment.

Qualifications

  • Experience in insider threat or allied function is essential.
  • Familiarity with DLP and monitoring strategies is crucial.

Responsibilities

  • Enhance insider threat capabilities to protect employees and business.
  • Monitor technologies for potential data loss and insider threat events.

Skills

Insider Threat Management
Data Loss Prevention (DLP)
Security Operations Centre (SOC)
Monitoring Strategies
Risk Identification
SIEM Technology
Network Security Technologies
Access Management

Education

Relevant Security Certifications

Tools

File Integrity Monitoring Technologies
SIEM

Job description

Job Title: Senior Security Monitoring and Response Analyst

Overview:

The Vocalink Security Operations Centre (SOC) is looking for a Senior Security Monitoring and Response Analyst, specialising in Insider Threat and Data Loss Prevention, to join a small team that operates and improves controls to secure our information assets and advances the insider threat program, identifying risks to information and providing prevention and detection capabilities using a range of technologies.

Role/Responsibilities:

  1. Enhances Vocalink’s insider threat capabilities, protecting our employees, the business, our customers and services.
  2. Operates and evolves response plans for escalated issues, involving stakeholders and functions that are key to successfully concluding incidents.
  3. Operates and evolves DLP and insider threat focused controls to identify policy / compliance violations, and proportionate escalation pathways.
  4. Monitors key technologies used to identify and alert on potential data loss and insider threat events.
  5. Contributes to an intelligence-led approach to design-out risks from data loss and insider threat, and to improve business processes.
  6. Responds to data loss and insider threat events escalated from any source.
  7. Maintains accurate recording of insider threat investigations.
  8. Engages with compliance and HR functions, and wider security stakeholders, ensuring successful conclusion of investigations.
  9. Informs lessons learned, recommending mitigations and controls to reduce risk.
  10. Reports any security control or policy gaps and identifies areas for wider security improvements.
  11. Reports performance metrics for the insider threat function.

All About You:

In this role you will need to be able to do, and have experience of, the following:

  1. Experience within an insider threat or allied function.
  2. Experience in the implementation of monitoring strategies to identify increases in risk, and the factors that influence the increases.
  3. Experience of Data Loss Prevention and File Integrity Monitoring technologies, including the creation of technical controls, playbooks & process documentation, as well as handling the outputs of these to successful conclusion. Experience working in a Security Operations Centre is desirable.
  4. Experience in the identification of risks presented by a workforce with privileged access to a range of assets is desirable.
  5. Experience with SIEM technology, proposing use cases and dashboards to enhance monitoring capabilities.
  6. Experience using various network / security technologies during security investigations is highly desirable.
  7. Understanding of access management processes is highly desirable.
  8. Relevant security certifications desirable.