Cyber Incident Response Engineer

At M&G our purpose is to help people manage and grow their savings and investments, responsibly. As a business, we are continuing to take steps towards a sustainable future, delivering better long-term solutions for our customers and clients and identifying new opportunities to make a positive impact for our environment and communities . To help us achieve our vision we're looking for exceptional people who live our values of care and integrity and who can inspire others; embrace change; deliver results and keep it simple.
We will consider flexible working arrangements for any of our roles and also offer work place accommodations to ensure you have what you need to effectively deliver in your role.
The Cyber Threat Analyst role is positioned with the M&G Security Operations team that consists of the following functions:

• Security Operations Centre (Monitoring)
• Threat Intelligence and Vulnerability Management
• Security Operations Engineering (Tooling Support)
• Cyber Response (Security Incident Manage and Cyber Resilience)

The role reports in directly to the SOC Manager and the successful applicant will work alongside an internal team as well as a Managed Security Service consisting of 24/7 L1 and L2 SOC analysts.
Key Responsibilities:

• Use-case contributions and review - helping to ensure the analytical rules continue to be fit for purpose and reflective of real-world attack scenarios including assisting MSSP in driving team automation
• Incident Response - Blocking of IOCs, stakeholder alerting, act as a part of team co-ordinated activity
• Collaboration with internal teams within the Security Operations function and wider M&G to ensure effective service.
• Collaboration with external teams within the Security Operations function (such as the managed service provider) where necessary to investigate cyber security alerts and incidents.
• Act as a business point of escalation for MSSP L1s and L2s where further assistance is required from the 24/7 monitoring team.
• Pro-actively suggesting service improvements with the aim of improving the organisation's security posture.
• Be able to articulate complex problems, risks and solutions to key stakeholders internally and externally.
• Adherence to existing processes/procedures and aid in new process development where a new business requirement comes into existence.
• Supporting of key regular internal/external audit activities where applicable - typically through tracking of SOC activities, adherence to process/procedures and ad-hoc participation in technical sessions to support the SOC Manager where required.

Target Skills, Experience and Technologies:

• Previous experience in Security Operations environment
• Exposure to Cyber Incident Response.
• Experience in Endpoint Detection and Response tooling (ideally Defender for Endpoint and/or Palo Alto Cortex XDR
• Experience in Microsoft Sentinel (querying of logs, knowledge of analytical rules)
• Experience with IDPS systems (NGFW, Firepower/Sourcefire etc)
• Experience in other Microsoft Azure environment - including use of Azure Activity Directory, Identity Protection, Defender for Cloud etc.
• Exposure to use-case management (fine tuning of false positives etc)
• Ideally having worked in the financial services sector (or another highly regulated area)

Desirable Certifications
Desirable certifications for the role at this level may include:

• Non-vendor specific such as CompTIA Security+, CySa+, ISC2 SSCP, Security Essentials
• Microsoft specific such as SC200, AZ500

Recruiter : Martyn Jack
We have a diverse workforce and an inclusive culture at M&G plc, underpinned by our policies and our employee-led networks who provide networking opportunities, advice and support for the diverse communities our colleagues represent. Regardless of gender, ethnicity, age, sexual orientation, nationality or disability we are looking to attract, promote and retain exceptional people. We also welcome those who take part in military service and those returning from career breaks.