Cloud SOC Analyst / SOC Engineer

Company Description

Visa is a world leader in payments and technology, with over 259 billion payments transactions flowing safely between consumers, merchants, financial institutions, and government entities in more than 200 countries and territories each year. Our mission is to connect the world through the most innovative, convenient, reliable, and secure payments network, enabling individuals, businesses, and economies to thrive while driven by a common purpose – to uplift everyone, everywhere by being the best way to pay and be paid.

Make an impact with a purpose-driven industry leader. Join us today and experience Life at Visa.

Job Description

cloud">Currencycloud was acquired by Visa in December 2021 and forms part of Visa Cross Border Solutions (VXBS). At Currencycloud, you can work from home, or visit our offices in London, Cardiff or Amsterdam. You'll need to be based in either the UK or Netherlands for this role, and have the necessary work permissions.

Information security is an integral part of Visa's corporate culture. It is essential to maintaining our position as an industry leader in electronic payments, which is why Visa has made it a priority to create top-tier security operations and incident response teams to defend the company against evolving cyber threats. If you would like to join a company where security is truly valued, where you can work with like-minded peers who are passionate about the art & science of cyber defense then we have a home for you.

The successful candidate will be an industry-level Senior SOC Analyst with a continued specialism in Cloud, having worked in a highly regulated environment and experience of analysis with multiple monitoring tools and query languages. The team you will join is part of a larger Security Team and Organization located across multiple geographical sites that are responsible for the comprehensive cyber defense of Visa and its subsidiaries.

Responsibilities:

• Monitor Information Security alerts using Security Information and Event Management (SIEM) to triage, mitigate, and escalate issues as needed while capturing essential details and artifacts.

• Utilize sensor telemetry data and correlated logs to establish context of an alert and rule out false positives.

• Perform analysis of security alerts to evaluate true positive malicious risks to the business, determine containment action, and identify required preventative measures, documenting your findings throughout within the Incident Management System.

• Document Tuning and Detection Opportunities, turning them into operational alerting.

• Mitigate and contain identified threats using approved incident response methodologies.

• Provide subject matter expertise as an escalation point for security incidents to ensure proper assessment, containment and mitigation is taken. Collaborate with operational support teams to ensure they are actively engaged in addressing security threats and impact to the business.

• Be a technical lead contributor to high-severity incident response efforts which involve multiple teams to reach prompt containment, primarily aiding in incident analysis and reporting. 

• Provide peer support to improve the technical capabilities of fellow SOC Analysts.

• Perform threat hunting using defined procedures and alert trend analysis to find inconspicuous threats. Identify trends, potential new technologies, and emerging threats which may impact the business.

• Operationalize actionable Threat Intelligence reports from internal and external sources.

• Assist with the security monitoring enrollment process to ensure adequate coverage and effectiveness of all new and existing cloud and on-premise based applications, services and platforms.

• SIEM Operations: comprehensively test and refine SIEM, experience with Sumologic, Datadog and similar tooling

• Work in collaboration with teams within Cybersecurity to identify detection and response gaps to improve.

• Develop and review Incident Response Playbooks, SOPs and Alert Runbooks, to streamline the incident response efforts.

• Work with colleagues in other technology departments as well as the business and product offices to establish effective, productive business relationships.

• Participation in an OOH On-Call Rota, 1 week in a team of 4.

This is a hybrid position. Hybrid employees can alternate time between both remote and office. Employees in hybrid roles are expected to work from the office 2-3 set days a week (determined by leadership/site), with a general guidepost of being in the office 50% or more of the time based on business needs.

Qualifications

Basic Qualifications:
• 2+ years of relevant work experience and a Bachelors degree, OR 5+ years of relevant work experience

Preferred Qualifications
• 3 or more years of work experience with a Bachelor’s Degree or more than 2 years of work experience with an Advanced Degree (e.g. Masters, MBA, JD, MD)
• Demonstrated professional competency in Cloud Environments
• 7+ years of related experience in Cybersecurity incident response, investigation or computer network defence functions.
• Bachelor's degree in computer science, information systems, or a related technical discipline or equivalent professional experience directly related to information security, cybersecurity, or computer network defence
• Relevant Security related certifications a plus: CYSA+, GCIA, GCIH, GCED, OSCP
• Relevant Cloud Certifications a plus: AWS Certified Security - Speciality
• Demonstrated experience in investigating cyber security incidents in enterprise-level security operations centres, fusion centres or Cyber Security team.
• Proven subject matter expertise in incident response and detection engineering.
• Solid understanding of TCP/IP protocol and internetworking technology including packet analysis, routing and switching.
• Strong technical knowledge of Cloud networking, infrastructure services and common applications.
• Strong knowledge of software security including web applications security.
• Strong Scripting skills (Python, Perl).
• Strong working knowledge in malware analysis.
• Strong knowledge in digital and network forensics investigation.
• Working knowledge of multiple security tools such as SIEM, AV, WAF, IDS, Netflow, Packet Analyzer and Endpoint Detection & Response tools.
• Excellent problem-solving skills, with tenacity and resilience to resolve issues.
• Strong interpersonal and leadership skills.
• Excellent communication, both verbal and written, with strong data presentation skills for varied audiences (including executive)

Additional Information

Visa is an EEO Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status. Visa will also consider for employment qualified applicants with criminal histories in a manner consistent with EEOC guidelines and applicable local law.