【フィデリティ投信株式会社】Technical Consultant


Job Description

The successful candidate will be experienced in security operations, understanding the value of a well-developed and maintained SOAR, SIEM and security tooling and how this can enhance an analyst's response to events. This is a critical role expected to build and maintain our operational security controls and security ticketing capability and help mature our monitoring and response processes.

The successful candidate will be comfortable working at a deep technical level with a multitude of security tooling, proactively deploying new capability whilst also being able to prioritise suggestions from our front-line team. The successful candidate will be able to demonstrate an understanding of frontline security analysts' workloads, experience in simplifying and automating security actions, and an understanding of how best to manage an engineering team's workload. The role will be supported by a global team of security engineers and detect & respond analysts. It will also be supported by a strong security leadership team who are keen to develop our operational engineering capability underpinned by our investment in leading security tooling. Our leadership team will be looking at this role to significantly decrease our time to respond - a key KPI for us.


Qualifications (required experience, etc.)

Security tools
Conduct research, analysis, and correlation across a wide variety of all source data sets (e.g., indications and warnings)
Use provided tools to perform continual monitoring and analysis of system activity to identify malicious activity and configure mitigations
Coordinate with enterprise-wide Networks teams to validate network alerts
Employ approved defence-in-depth principles and practices (e.g., defence-in-multiple places, layered defences, security robustness)
Recommend computing environment vulnerability corrections
Identify and correct inconsistencies or complications in process

Triage events including malicious activity and incidents of concern

Analyse identified malicious activity to determine weaknesses exploited, exploitation methods, and effects on system and information
Receive and analyse alerts from various sources within the enterprise and determine possible causes of such alerts
Assist in determining appropriate course of action in response to identified and analysed anomalous network activity
Analyse network traffic to identify anomalous activity and potential threats to network resources
Document and escalate incidents (including event’s history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment
Provide timely detection, identification, and alerts of possible attacks/intrusions, anomalous activities, and misuse activities, and distinguish these incidents and events from benign activities
Perform event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack


Salary
According to company regulations

Industry
Banking, Securities, and Insurance

Application deadline

Notes
