Security Operations Engineer
London
Applications have closed
R3
R3 is leading the digitization of financial services, enabling an open, trusted and enduring digital economy. Learn more about R3's Corda. R3 has employees based in upward of 11 countries (and still counting) across the globe, with our headquarters in London, alongside office locations in New York City and Singapore. Our vibrant and centrally located offices are filled with collaborative spaces, healthy (some not so healthy) snacks and state-of-the-art workspaces.
The Security Engineer is instrumental in the implementation and day-to-day operation of R3's Security Operations Centre (SOC) capability. Reporting to the Operations Security Lead, as part of a small team of information security specialists, you will ensure that the SOC supporting R3's twin missions of enterprise software vendor and operator of the Corda Network and Corda Managed Services is appropriately designed, built, and operated to address the information risks faced by R3 as a cloud-native company. This is an exciting role, and not for the faint-hearted. You will shape R3's SOC capability from the outset, in terms of tool selection, installation, and configuration, as well as developing threat hunting and automated detection procedures.
You'll have a strong technical security background in a financial services, telecoms or critical infrastructure service provider, or maybe an enterprise-scale end-user security department. You’ll have experience of threat hunting, likely from working in a SOC. You'll be used to working in comprehensive security control environments, but have the insight to bring a risk-based approach to a fast-moving company with a start-up culture. This is an opportunity to help "write the book" on building the technical security controls to support enterprise distributed ledger technology and services.
Responsibilities:
- Lead the implementation and maintenance of security tools that provide insight into R3's security environment. The Security Engineer will monitor alerts and investigate security events via a SIEM solution to identify suspicious activities, leading containment and prevention, as well as supporting recovery.
- Be responsible for the design, documentation, and execution of procedures for threat hunting and investigation, security response, and security incident handling. Automate what can be automated, and hunt for what cannot.
- Own the building and regular running of vulnerability scanning of R3 assets and infrastructure. Perform in-depth vulnerability assessments. Commission and support external penetration testing and red team type activities.
- Be responsible for the design and implementation of standardised preventative and detective technical security controls for R3's cloud and on-premises infrastructure, including driving conformance to operating system and cloud environment benchmarks, network security controls, and consistent logging and alerting. These controls will be integrated into the wider R3 security control environment as the foundation for R3's security operating capability.
- Work with the wider security team to prepare for, and undergo, external service auditor assessments of the security control environments which you help to develop.
Qualifications (the must haves):
- First and foremost we want you to love what you do. You'll need to be a security evangelist within R3 and the community of Corda Network and Corda Managed Service participants, both current and future.
- You'll have five or more years' experience in an information security role, with at least three of those in an engineering role. We'd love to see evidence of other experience too; you might have been a developer, network operations person, penetration tester or researcher in a previous life.
- We believe that we work better as a team. You'll be working with a diverse team of people with a variety of skills and backgrounds and a high level of emotional intelligence will be assumed. People skills are essential.
- You'll need excellent communication skills, both verbal and written. You'll be happy explaining the control environment that you have helped develop to R3's clients or service auditors. As one of the first full-time Security Engineers at R3, you will also be expected to train those who follow your trailblazing, in the controls and in the use of tools that you have implemented.
- You'll need strong hands-on experience of implementing or maintaining a SIEM solution. You will be practised in using a SIEM for threat hunting, and subsequent security response.
- R3's control environment is risk-driven. You'll be recommending and implementing appropriate controls; as a result, you're going to need a pragmatic approach to the assessment and prioritisation of risk.
- You will have relevant experience of developing and implementing technical security controls in mission critical service delivery environments. Financial services experience would be ideal, but experience in other areas such as telecoms or other critical infrastructure may also be a good fit.
- You'll need experience in working in on-premises deployments and at least one public cloud provider. Microsoft Azure is our platform of choice, but if you're a strong AWS or GCP person and are still interested, so are we. You'll understand the appropriate network security controls available in each environment and be able to specify and deploy those solutions as needed.
- You'll have extensive Linux experience. You'll need to have been deploying infrastructure as code in your previous role. We use Terraform and Ansible for this. We'd love it if you had direct experience of these, but we're still interested if you've used other automated provisioning and configuration management tools.
- You'll need a thorough, whole-stack understanding of internet networking, and the tools an attacker would use. You should be happy messing with all kinds of internet protocols. We don't expect you to be developing new exploits for Corda or Conclave enterprise software, but if you have any to hand, we'd be very interested to hear about them.
- Hands-on experience of vulnerability assessment tools from Tenable, Qualys or Rapid7.
- You'll need to be able to automate things. Working knowledge of at least one contemporary scripting language is essential. We won’t expect you to write in all languages, but you should be confident in reading at least Python, and either Shell script or PowerShell.
- Working knowledge of at least one modern query language is essential.
- You will have an appreciation of the variety of technical products available to R3 including endpoint security, identity and access management, network security controls (firewalls, VPN), and intrusion detection.
Qualifications (the nice to haves):
- Exposure to Azure Sentinel, Azure Security Center, and Defender ATP would be particularly useful, though not essential.
- Relevant professional qualifications would be great. We have ISACA and ISC2 members already, so we'll look favourably on professional certifications, so long as you can explain why they're relevant. We'd love an OSCP on board, but SANS GIAC certifications are also good. You'll need to demonstrate that any certifications you claim are valid and current (we will check).
- It would be great if you have an understanding of working in an ISO 27001 certified or SOC 2 assessed organisation.
- Understanding of public key infrastructure would be very useful.
- An engineering or science degree would be great, but appropriate career experience is just as important. Be prepared to tell us all about that experience.
Tags: Ansible AWS Azure Blockchain Cloud Endpoint security Exploits Firewalls GCP GIAC Intrusion detection ISACA ISO 27001 Linux Network security OSCP Pentesting PowerShell Python Qualys Red team SANS Scripting SIEM SOC 2 Terraform VPN
Perks/benefits: Startup environment Team events