SOC Analyst (Tier 2) – HYBRID

Job Overview

Job Description

Division : CISO

Cyber Defence Centre (CDC) is part of the Chief Information Security Office. The main responsibility of the team is to reduce the risk of Euroclear cyber threat surface by monitoring for malicious intent targeted at Euroclear’s services, it’s supporting assets and people. We do this through the Cyber Threat Management (CTM) capabilities, Security Operations Centre (SOC) which includes monitoring (Tier 1 & Tier 2), Cyber Incident & Response Team (CIRT; Tier 3) and Data Leakage alert monitoring and Threat Detection & Response Engineering Team (TDRE). This includes cyber threat intelligence, brand and digital footprint monitoring, security incident and event monitoring, cyber analytics, incident management and forensic analysis.

CDC supports capabilities within the security domain and acts as subject matter expert across all divisions in the company as well as interacts with external stake holders, including customers, oversight bodies, threat intelligence providers, compliance and third parties.

The Security Operations Centre (SOC) houses the information security team responsible for monitoring and analyzing an organization’s security posture on an ongoing basis. The SOC team’s goal is to provide 24x7x365 capabilities to detect, analyze, and respond to cybersecurity incidents using a combination of technology solutions and a strong set of processes. The SOC staff work closely with the Cyber Incident Response team (CIRT) to ensure security issues are addressed quickly upon discovery.

The SOC monitors and analyses activity on networks, servers, endpoints, databases, applications, websites, and other systems, looking for anomalous activity that could be indicative of a security incident or compromise.

Role

Candidates in this role will respond to events or conduct incident response operations according to documented procedures and industry best practices. Candidates in this role must have excellent communication skills.

Candidates will be required to participate in multiple intelligence communities and be able to disseminate pertinent information throughout the SOC.

Ideal candidates should have extensive experience in Linux and/or Windows operating systems as well as multiple security areas such as SIEM, IDS, EDR, and WAF while having a deep knowledge of networking and attack methods. Must display enthusiasm and interest in Information Security.

First point of escalation for the Tier 1Hunting for suspicious anomalous activity based on data alerts or data outputs from various toolsetsReview and build new operational processes and procedures. Review the automated process workflows and provide feedback for updates/enhancements. Triage and investigation of advanced vector attacks such as botnets and advanced persistent threats (APTs)Advice on the tuning of IDS, proxy policy, in-line malware tools based on threat feeds, trust and reputation data, incidents, or vulnerabilities and exploits of downstream systemsProvide use case creation/tuning recommendations to the Security Intelligence Analyst based on findings during investigations or threat information reviews Lead response actions for incidents where CIRT is not required to intervene (low/medium priority)Works directly with data asset owners and business response plan owners during low and medium severity incidentsPerforming administrative tasks per management request (ad-hoc reports / trainings)Support the creation and maintenance of a knowledge baseProvide training, knowledge sharing sessions to the SOC teamMentor the Tier 1 teamSupport the Service Delivery Manager with reporting

Technical Skills

3+ year prior experience in a similar positionExperience of network security zones, Firewall configurations, IDS policiesIn depth knowledge TCP/IPKnowledge of systems communications from OSI Layer 1 to 7Experience with Systems Administration, Middleware, and Application AdministrationExperience with Network and Network Security tools administrationKnowledge of log formats and ability to aggregate and parse log data for syslog, http logs, DB logs for investigation purposesAbility to define a containment strategy and execute Experience with Security Assessment tools (NMAP, Nessus, Metasploit, Netcat)Good knowledge of threat areas and common attack vectors (MITRE ATT&CK) Nice to have:Splunk and XSOAR experienceExperience with log search tools such as Splunk, usage of regular expressions and natural language queriesKnowledge of common security frameworks (ISO 27001, COBIT, NIST)Knowledge of encryption and cryptographyPrevious experience in the financial industryScripting (automation) and familiarity with Cloud (AWS/Azure)
Soft Skills

Passion and drive to work in start-up division with potential of significant growth in scope and servicesPossess good logical and analytical skills to help in analysis of security events/incidentsAbility to interact with staff, peers and customers on a technical and professional levelEffective verbal and written communication skills Fast and independent learner, with ambition to self-improveHave good analytical skills/problem solving skills

About Us

Why join us

Embark on your new adventure at Euroclear, and work at the heart of the global capital markets. We connect over 2,000 financial institutions across the globe. As an open and resilient infrastructure, we contribute to the stability of the financial markets. We help clients cut through complexity, lower costs, and mitigate risks of financial transactions. At Euroclear, we have the clear ambition to use our key role to facilitate and accelerate a sustainable global financial system.

What We Offer

Work closely with inspiring, supportive and engaged colleagues from more than 80 different countries. Practice your talents in a highly professional international environment. Join a learning and development environment with an emphasis on knowledge sharing and training.Competitive salary and comprehensive benefits.

New ways of working

Find your own optimal balance within our hybrid working model, where you can connect at the office and also benefit from remote working.

Great Place to Work for All

We are committed to creating an inclusive culture that celebrates diversity and strives to be a Great Place to Work for All. All qualified applicants will be considered for employment, regardless of any aspect that makes them unique (including race, religion, national origin, gender, sexual orientation, age, marital status, pregnancy, disability, …). If you need any specific accommodation due to disability or any other reason, you can let the recruiter know during your application process.

About The Team

As a global critical financial infrastructure, the protection of Euroclear information and assets is fundamental to the companys’ business. Security is at the core of our services, firmly embedded in the management systems and processes of the company. You will be joining our Chief Information Security Office (CISO) in charge of putting in place the required controls to adequately and effectively protect our information assets.