Security Operations Engineer

London

Applications have closed

R3

R3 is leading the digitization of financial services, enabling an open, trusted and enduring digital economy. Learn more about R3's Corda.


R3 is an enterprise software company that is pioneering industry transformation. We deliver purpose-built distributed ledger technology for all types of businesses in all sectors. Our enterprise blockchain ecosystem is the largest in the world, with over 350 institutions deploying and building upon Corda Enterprise and Corda.
R3 has employees based in upward of 11 countries (and still counting) across the globe, with our headquarters in London, alongside office locations in New York City and Singapore. Our vibrant and centrally located offices are filled with collaborative spaces, healthy (some not so healthy) snacks and state of the art work spaces.
The Security Engineer is instrumental in the implementation and day-to-day operation of R3's Security Operations Centre (SOC) capability. Reporting to the Operations Security Lead, as part of a small team of information security specialists, you will ensure that the SOC supporting R3's twin missions of enterprise software vendor and operator of the Corda Network and Corda Managed Services is appropriately designed, built, and operated to address the information risks faced by R3 as a cloud-native company. This is an exciting role, and not for the faint-hearted. You will shape R3's SOC capability from the outset, in terms of tool selection, installation, and configuration, as well as developing threat hunting and automated detection procedures.
You'll have a strong technical security background in a financial services, telecoms or critical infrastructure service provider, or maybe an enterprise-scale end-user security department. You’ll have experience of threat hunting, likely from working in a SOC. You'll be used to working in comprehensive security control environments, but have the insight to bring a risk-based approach to a fast-moving company with a start-up culture. This is an opportunity to help "write the book" on building the technical security controls to support enterprise distributed ledger technology and services.

Responsibilities:

  • Lead the implementation and maintenance of security tools that provide insight into R3's security environment. The Security Engineer will monitor alerts and investigate suspicious activity and security events via a SIEM solution, leading containment and prevention, as well as supporting recovery.
  • Be responsible for the design, documentation, and execution of procedures for threat hunting and investigation, security response and security incident handling. Automate what can be automated, and hunt for what cannot.
  • Own the building and regular running of vulnerability scanning of R3 assets and infrastructure. Perform in-depth vulnerability assessments. Commission and support external penetration testing and red team type activities.
  • Be responsible for the design and implementation of standardised preventative and detective technical security controls for R3's cloud and on-premises infrastructure, including driving conformance to operating system and cloud environment benchmarks, network security controls, and consistent logging and alerting. These controls will be integrated into the wider R3 security control environment as the foundation for R3's security operating capability.
  • Work with the wider security team to prepare for, and undergo, external service auditor assessments of the security control environments which you help to develop.

Qualifications (the must haves):

  • First and foremost we want you to love what you do. You'll need to be a security evangelist within R3 and the community of Corda Network and Corda Managed Service participants, both current and future.
  • You'll have five or more years' experience in an information security role, with at least three of those in an engineering role. We'd love to see evidence of other experience too; you might have been a developer, network operations person, penetration tester or researcher in a previous life.
  • We believe that we work better as a team. You'll be working with a diverse team of people with a variety of skills and backgrounds, and a high level of emotional intelligence will be assumed. People skills are essential.
  • You'll need excellent communication skills, both verbal and written. You'll be happy explaining the control environment that you have helped develop to R3's clients or service auditors. As one of the first full-time Security Engineers at R3, you will also be expected to train those who follow your trailblazing, both in the controls and in the use of the tools that you have implemented.
  • You'll need strong hands-on experience of implementing or maintaining a SIEM solution. You will be practised in using a SIEM for threat hunting and subsequent security response.
  • R3's control environment is risk-driven. You'll be recommending and implementing appropriate controls, so you're going to need a pragmatic approach to the assessment and prioritisation of risk.
  • You will have relevant experience of developing and implementing technical security controls in mission critical service delivery environments. Financial services experience would be ideal, but experience in other areas such as telecoms or other critical infrastructure may also be a good fit.
  • You'll need experience of working in on-premises deployments and with at least one public cloud provider. Microsoft Azure is our platform of choice, but if you're a strong AWS or GCP person and are still interested, so are we. You'll understand the network security controls available in each environment and be able to specify and deploy those solutions as needed.
  • You'll have extensive Linux experience. You'll need to have been deploying infrastructure as code in your previous role. We use Terraform and Ansible for this. We'd love it if you had direct experience of these, but we're still interested if you've used other automated provisioning and configuration management tools.
  • You'll need a thorough, whole-stack understanding of internet networking, and the tools an attacker would use. You should be happy messing with all kinds of internet protocols. We don't expect you to be developing new exploits for Corda or Conclave enterprise software, but if you have any to hand, we'd be very interested to hear about them.
  • Hands-on experience of vulnerability assessment tools from Tenable, Qualys or Rapid7.
  • You'll need to be able to automate things. Working knowledge of at least one contemporary scripting language is essential. We won't expect you to write in all languages, but you should be confident in reading at least Python, and either shell script or PowerShell.
  • Working knowledge of at least one modern query language is essential.
  • You will have an appreciation of the variety of technical products available to R3 including endpoint security, identity and access management, network security controls (firewalls, VPN), and intrusion detection.

Qualifications (the nice to haves):

  • Exposure to Azure Sentinel, Azure Security Center, and Defender ATP would be particularly useful, however not essential.
  • Relevant professional qualifications would be great. We have ISACA and ISC2 members already, so we'll look favourably on professional certifications, so long as you can explain why they're relevant. We'd love an OSCP on board, but SANS GIAC certifications are also good. You'll need to demonstrate that any certifications you claim are valid and current (we will check).
  • It would be great if you have an understanding of working in an ISO 27001 certified, or SOC 2 assessed organisation.
  • Understanding of public key infrastructure would be very useful.
  • An engineering or science degree would be great, but appropriate career experience is just as important. Be prepared to tell us all about that experience.

Tags: Ansible AWS Azure Blockchain Cloud Endpoint security Exploits Firewalls GCP GIAC Intrusion detection ISACA ISO 27001 Linux Network security OSCP Pentesting PowerShell Python Qualys Red team SANS Scripting SIEM SOC 2 Terraform VPN

Perks/benefits: Startup environment Team events

Region: Europe
Country: United Kingdom
