Senior Cyber Security Operations Analyst - Threat Hunting

Location: North Greenwich, London – remote working – 50% office attendance model Salary range: £55,000 – £60,000 plus fantastic company benefits like final salary pension scheme, and free tube and bus travel. UK Sponsorship Available, although candidates are responsible for their own application fees. About us: As cyber threats continue to diversify and grow, so too does TfL’s need to develop our cyber security culture and capabilities to ensure we continue to protect the services and systems which keep London moving. TfL’s cyber security professionals play a critical and ever-increasing role in protecting these services and systems, safeguarding our customers as they travel across London’s Transport network. About the role: You will support the threat hunting function within the TfL Security Operations Centre (SOC), providing the skills needed to develop a world-class hunting capability across the organization. You will be responsible for coordinating hunting activities across teams and with key stakeholders to identify and remediate potential threats. You will be responsible and accountable for defined aspects of the implementation and improvement of TfL’s cyber security posture. This includes the identification and capture of requirements, engagement with stakeholders, the selection and delivery of solutions, and ensuring that solutions maintain their effectiveness in an ever-changing threat environment. This means you will work with colleagues in the Cyber Security and Incident Response Team, delivering TfL’s cyber security strategy, as they continuously improve cyber security techniques that reduce the risk posed by cyber attack to TfL’s information, systems and operations. Key accountabilities: You’ll provide leadership across the SOC, supporting Senior and Junior Analysts to prioritize and direct activities, driving behaviours and ensuring an effective and efficient incident handling. Enhancing TfL’s operational capabilities within the team; working closely with the SOC Manager ensuring capabilities across all Security Service lines as well as ensuring best practice whilst driving continual improvement. Responsible for proactively monitoring TfL systems for malicious activity and intrusions using real time data and alerting from various data sources measured against agreed SLAs. Responsible for ensuring processes and operational documentation is maintained, fit for purpose and updated regularly to reflect changing business needs. Responsible for implementing the TfL hunting process for security activities, in collaboration with key stakeholders across the organisation. Responsible for supporting the tuning of detection content and monitoring tooling to provide high fidelity alerting worthy of further investigation and mitigating false positives. Responsible for keeping up to date with current cyber developments and trends, and maintaining your skills through continuous personal development and working collaboratively with colleagues, both internal and external to the team. Skills: Security Fundamentals training/certifications. Incident Response training/certifications. Hunting experience in previous roles. Conversant with technologies supported by the SOC and including experience with 4 or more (essential): IR, VM, TI, Phishing, SIEM, BA, EDR, MDR. Demonstrable skills in using security tooling to provide contextual data to allow for a thorough assessment of an event. Ability to communicate effectively written and verbally and influence others in order to minimise TfL’s Cyber Risk through effective monitoring, detection and where necessary mitigation. Ability to effectively use a SIEM solution to identify events that warrant further investigation. Ability to use Threat Intelligence to aid the detection of potential cyber security events and incidents. Knowledge: Educated to Degree level or equivalent – industry recognised qualifications such as CEH, GCIH, GPEN, GDAT, CISSP. Knowledge of cyber security and information security controls best practice with supporting qualifications where possible – such as Security+, Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), CPNI 10 and SANS 20. Knowledge of relevant legislation and government standards – including Security Policy Framework, Information Assurance Maturity Model, Security Essentials, Data Protection Act, Freedom of Information Act, EU Procurement Directives. A broad understanding of network and computer system architecture, operations and protocols. Understanding of information security management concepts to support solutions and processes. Experience: Experience of implementing and managing security monitoring and response in a complex organisation. Experience of working in an operational environment such as a SOC, CSIRT or CERT function. Experience on leading the response to a Cyber Security incident or event. Experience of mentoring junior analysts. Knowledge of the Mitre ATT&CK and NIST framework and how this can be used to further improve security monitoring and detection. Knowledge of the Cyber Kill Chain. Technical knowledge of computer network and systems and the necessary controls that can be used to prevent unauthorised access. Closing date: 22nd of December 2024 at 23.59 Excellent Benefits include: Final salary pension scheme. Free travel for you on the TfL network. Reimbursement of 75% of the cost of a standard class Ticket for National Rail travel from home or 75% reimbursement on a 28-day flexi ticket. 30 days annual leave plus public and bank holidays. TfL is committed to work-life balance, operating a hybrid working approach where business and role requirements allow. Private healthcare discounted scheme (optional). Tax-efficient cycle-to-work programme. Retail, health, leisure and travel offers. Discounted Eurostar travel. Additional Information: Please apply supplying your CV preferably in “.docx” format. This document should be A4, in Arial 12 font, and a maximum of 2 pages per document. If you are shortlisted you may be invited to take part in a Video interview. We endeavour to give candidates as much notice as possible however some interviews/ assessments will be organised at short notice and will require a degree of flexibility. We reserve the right to close the application window early if we receive a high volume of suitable applications. We are committed to equality, diversity and inclusion. We want to represent the city we serve, which will help us become a more innovative and efficient organisation. Our goal is to make our recruitment as inclusive as possible. We are a disability confident employer who guarantee an interview to any disabled candidate who meets all of the essential criteria. We also use anonymising software that removes identifying information from CVs and cover letters to make the process fair. Many of our staff work flexibly in many different ways. Please talk to us at interview about the flexibility you need. We’ll see what we can do. We understand a confidence gap can get in the way of meeting spectacular candidates. So please don’t hesitate to apply if you think you have what it takes even if you feel you don’t meet all the criteria. We’d love to hear from you. #J-18808-Ljbffr