Barclays - 3 days ago
Director of Cyber Incident and Analysis
Posted: 15 March, 2019
Director of Cyber Incident and Analysis - 90217716
Posting Range:12 Mar 2019 - 30 Apr 2019
About Chief Security Office
Chief Security Office (CSO) engages in a range of activities to maintain the confidentiality, integrity and availability of the Firm’s Physical and Information assets and to assist in the delivery of secure solutions to the business.
Teams include Cyber Security Operations, Physical Security, Intelligence, Investigations, and Resilience.
Overall purpose of role
Cybercrime and cyber-attacks against institutions are growing considerably in quality, quantity, and complexity, targeting both private industry and national critical infrastructure. A holistic approach across all security disciplines is therefore required to ensure that these threats are mitigated successfully. Successful attacks against organizations can result in significant disruptions to business transactions, operations, and client activities, as well as regulatory scrutiny, reputational harm and brand tarnishment.
As a global bank, Barclays is in the crosshairs of cyber criminals. As an organization that processes financial transactions, stores and transmits sensitive client information, and participates in the global financial marketplace, Barclays is an attractive target to organized criminals, hackers and hacktivists. Barclays can expect to see a continued increase in the number and sophistication of cyber-attacks against it, its partners, and its employees and clients. This is made more critical by the bank’s strategy of providing more and more of its services and products online and via mobile channels.
The developments described above require a different and much more proactive, intelligence-led cyber defence, compared to the normally reactive, incident-based defences built over the last 20 years. The modern Chief Security Office develops and operates tools that are used by internal groups for protecting information, understanding internal systems and networks in order to prevent attacks, and analysing information to determine whether the organization is under attack. In addition, other tools used in the day-to-day management of employees or systems may be managed by the Chief Security Office if they are related to its mission of protecting the assets of the company and its customers.
- Experience in the field of security monitoring, incident response and mitigation, web application security, threat research or intelligence analysis.
- Proven experience of running & operating a global operational facility.
- Proven leadership, relationship management and communication skills.
- Experience of building and delivering a world-class security operations team.
- Incident, Problem and Change Management trained.
- Extremely effective people manager, able to manage, motivate and inspire a large operational team.
- Cyber Threat Monitoring and SIEM Integration
- Knowledge of SIEM Technologies & Usability in a Large & Complex Computing Environment
- Knowledge of Development & Identification of Data Correlations to Increase Fidelity of Security Alerting
- Knowledge of SIEM Static, Behavioural, Predictive, & Trending Detections and Alerts
- Knowledge of Documentation and Ticketing fundamentals
- Knowledge of Leveraging Knowledge Management
- Knowledge of Splunk
- Digital Forensic and Incident Response skills
- Knowledge of Open Source Network Analysis Tools
- Knowledge of Network Incident Response Tool Usability and Analysis Concepts
- Knowledge of PCAP Capture, Analysis, and Traffic Patterns
- Knowledge of Networking Types, their Communication Methods, & Associated Vulnerabilities (Wireless, Wired, etc.)
- Knowledge of Network Communications to Identify & Rectify Gaps in Network Visibility Coverage & Monitoring
- Knowledge of Network Investigation Concepts
- Knowledge of System Incident Response Concepts
- Experience with Tools to Identify & Correlate Registration Information about Suspect Domains or IPs
- Knowledge of How to run forensic investigations
- Knowledge of Chain of Custody and proper evidence-handling procedures
- Able to demonstrate a proven track record in Incident, Problem and Change Management.
- A good understanding of and keen interest in geopolitics, international security and current affairs.
- A good technical understanding of the threats against the financial industry from both the physical and Cyber threat domains
- Networking Principles, to include:
  - Knowledge of Networking Principles, Protocols, & Practices
  - Knowledge of Network Types
  - Understanding of Network-Based Threat Vectors
- Proficiency in:
  - Cyber Kill Chain
  - Intelligence-Driven Defence
  - Security architectures
- Confident, with the ability to remain calm, controlled and focused in pressure situations
- Ability to identify operational risks and issues in a fast-moving environment, and take proportionate and appropriate actions.
- Ability to help write concise reports based on complex data with accuracy, brevity, and speed.
- A good understanding of a Corporate, Physical Security Environment.
- Previous experience in a Security Control Room environment is desirable.
- Previous experience of Incident Response procedures, with the technical ability to ‘take control and co-ordinate’ major security incidents.