|Job ID|Location|Work Location|
|22019Z|Reading|Reading Office (GBM)|
|Job Type|Contract Type|Hours Per Week|
|Shift Pattern|Closing Date|
|On call - 1 week in 4|N/A|
Our people make us who we are. We’re a diverse and inclusive bunch, and it’s important you can feel you belong here. We value everybody for who they are and what they bring to the table, supporting one another as we continue to deliver for our customers.
Where possible, we’re committed to flexible working and supporting our employees to have the right work-life balance. Do, however, note that if you choose to apply for a different work location, you will not have any eligibility for relocation support or travel allowances.
Accountable for the definition and development of security tools that operate and are monitored within the Security Operations Centre (SOC) to identify and detect security threats, coordinating an effective response and recovery.
Working with partners, the Cyber Security Operations Analyst is accountable for coordinating an effective response and rapid recovery to detected security incidents and threats, minimising security incidents and potential impact, allowing the business to maintain availability.
Accountable for effective governance that ensures policies and standards based on recognised best practice frameworks enable the delivery of best-in-class security operations.
- Incident Response - Lead or support the technical response to cyber security incidents in collaboration with partners and Three stakeholders
- Contribute to the development and improvement of security tools, technologies, and services used by the Security Operations Centre and our partners to protect Three
- Work closely with the Security Operations Centre to provide operational support and improve and mature use cases and playbooks
- Assess threat intelligence and, where necessary, coordinate with partners to ensure appropriate remediation or mitigation activities are carried out
- Conduct reactive and proactive threat hunting, and contribute to the development of an intelligence-led framework, to protect Three against emerging and known threats
- Contribute to post-incident reviews to identify lessons learnt, considering people, process, and tools, to identify improvements and control enhancements to better detect, protect, respond to and recover from a future cyber security incident
- Co-ordinate with partners to ensure vulnerability scanning and assessments are carried out and reported, and that appropriate remediation or mitigation activities are carried out
- Proactive monitoring of various security tools and technologies
- Participate in and contribute to cyber incident response exercises
- Must have experience working in cyber security operations
- Must have practical experience of working in a security incident response team and leading the technical response to cyber security incidents
- Must have experience working with cyber security tools and technologies, including endpoint security, email security, network security, SIEM, SOAR, vulnerability scanning, and IDS/IPS
- Must have strong working knowledge and understanding of vulnerability management, threat intelligence and threat hunting
- Experience of working at pace within a complex operational environment
- Security qualifications such as Security+, CEH, GSEC, CISSP are desirable
- Understanding of cyber security standards and frameworks: ISO27001, NIST, SANS and OWASP
- Up-to-date knowledge of current exploits, vulnerabilities, threats, and security analysis techniques
- Knowledge of TCP/IP, network protocols, OSI model, routing and switching and packet analysis tools
- Understanding of various operating systems, including Windows and Unix
- Experience of conducting forensic investigation and analysis using different toolsets
- Working knowledge of one or more SIEM solutions
- Experience of improving the maturity level of security controls in line with industry best practice and standards
Three are a proud signatory of the Tech Talent Charter (TTC), working across industries to drive greater inclusion and diversity in technology roles.