Security Incident Response Specialist (SOC)
At Monzo we’re aiming to build the best bank in the world. We are always keen to hear from capable, creative people who want to help us accomplish that goal. We want our bank to be safe and secure for our customers, so security is very important to us.
Security at Monzo
We are looking for a proactive, technically-minded and organised individual to join our Information Security team in the bank’s 1st line of defence which has the ownership, responsibility and accountability for directly assessing, controlling and managing risk.
This role is part of Monzo’s Security Operations function which has a wide range of responsibilities, from infrastructure security to application and information security.
As a bank, we are solving diverse, novel problems to ensure that our customers and data are secure, and you will have the opportunity to make a direct impact on that.
One of the guiding principles of security at Monzo is that security at the expense of user experience is a last resort. We aim to move mountains in the background such that we can build world-class features without compromising on security.
The goal of the Security Incident Response Specialist is to minimise and control the damage resulting from cybersecurity incidents, provide practical guidance for the response, coordinate recovery activities, and work to prevent future incidents from reoccurring.
Additionally, you will be helping with the monitoring of information security controls within Monzo by analysing alerts received in line with our information security policies and practices and dealing with any/all security incidents.
- Using raw log sources and other security and operational tools to monitor and analyse the security posture of the IT estate and identify anomalous activity and behaviours.
- Investigating, defining and resolving complex issues.
- Producing and developing dashboards and reports to continuously improve security situational awareness.
- Producing incident reports to present activity and outcome of operational security services and activity.
- Supporting the investigation of security breaches and coordinating and managing all Incident Responses.
- Ensuring that all security incidents have been correctly prioritised and diagnosed in accordance with agreed procedures.
- Investigating the causes of incidents, documenting findings and seeking resolution.
- Making sure the escalation of any unresolved incidents has been completed according to agreed procedures.
- Overseeing the facilitation of recovery, following the resolution of incidents.
- Making sure security incidents have been documented and closed according to agreed procedures.
- Serving as a backup for security operations emergency response.
- Overseeing active incidents and the operation and optimisation of security tooling/products, including network security (IDS/IPS/firewalls), logging and auditing, event and incident management, and privileged access management controls.
- Acting on security incidents, requests and events to ensure that threats, vulnerabilities and breaches are managed to minimise impact to confidentiality, integrity and availability of systems and data.
- Creating security risk, vulnerability assessments, and business impact analysis as required.
- Reviewing, updating and creating CSIRT policies, playbooks and standard operating procedures documentation.
- Providing advice and guidance to other teams within the business on good practice and maintaining relevant and current industry knowledge.
- Overseeing or supporting the operation of tools that contribute to effective security, including anti-virus and vulnerability management.
- Making sure that the onboarding of any enhancements to the security tools, including deployment and on-going management and maintenance is completed.
- Undertaking periodic reviews of security policies and baseline control standards, influencing additional and updated controls based on the findings of internal and external audit reports, trends derived from security operations, information from project-based activities and incident resolutions.
You should apply if
- You have solid experience within an enterprise-level SOC or CSIRT function.
- You have experience with Security Monitoring tools.
- You hold at least two of the following security certificates: CISSP/CISM/GIAC/GCFE/GISP/GSEC/CEH.
- You have a track record of technical delivery within a fast-paced environment.
- You can take a pragmatic view of the application of technologies; understanding the business application of them and being able to identify a balance between the management of risk and the capability for the business to continue to operate.
- You have in-depth experience of at least one of the following technology areas: End-User Computing/Hosting/Networks/Cloud/Development.
- You have knowledge of commonly-accepted information security principles and practices, as well as techniques attackers use to identify vulnerabilities, gain unauthorised access, escalate privileges and access restricted information.
- You communicate well and can present complex information to both technical and non-technical audiences.
- You’re excited by what we’re doing at Monzo.
Closing date for applications: 6pm on 2nd November.
Salary range for this role is £55,000 - £80,000 DOE plus stock options and other benefits.
This role can be based in our London office or remotely within the UK.
We offer flexible working hours and trust you to work enough hours to do your job well, at times that suit you and your team.
Diversity and inclusion is a priority for us – if we want to solve problems for people around the world, our team has to represent our customers. So we need to attract the best talent and create an environment that supports and includes them. You can read more about diversity and inclusion on our blog.
If you prefer to work part-time, we'll make this happen whenever we can - whether this is to help you meet other commitments or strike a great work-life balance.
The application process consists of a 30-minute phone call with a recruiter, an initial call with someone from the team, followed by a practical exercise and a values & culture interview, held remotely via Hangouts. We promise not to ask you any brain teasers or trick questions.
Equal Opportunity Statement
At Monzo, we're embracing diversity in all of its forms and fostering an inclusive environment for all people to do the best work of their lives with us. This is integral to our mission of making money work for everyone.
We're an equal opportunity employer. All applicants will be considered for employment without attention to ethnicity, religion, sexual orientation, gender identity, family or parental status, national origin, veteran status, neurodiversity status or disability status.