Cyber Investigation and Response Analyst
G-Research is Europe’s leading quantitative finance research firm. We hire the brightest minds in the world to tackle some of the biggest questions in finance. We pair this expertise with machine learning, big data, and some of the most advanced technology available to predict movements in financial markets.
Joining as a Cyber Investigation and Response Analyst, you will be part of our Cyber Security Investigation and Response Team (CSIRT). You will have the opportunity to work on multiple aspects of security, with responsibilities ranging from alert triage to threat intelligence.
You’ll be working with a whole host of different technologies across a combination of on-premise, hybrid cloud and cloud native environments. This is a unique opportunity for someone with a strong grounding in a Security Operations Centre (SOC) environment to move into a new phase of their career, with growth and diversification opportunities into Security Engineering, Security Development or even Security Data Science.
Key responsibilities of the role include:
- Threat hunting to proactively detect, isolate, and neutralise threats:
  - Research traffic on our networks, create baselines for expected norms and identify and investigate outliers. Provide your analysis and document your research
  - Find anomalous events and pull the thread to determine if our systems were compromised or a compromise was attempted
  - Manage research into threat hunting adversaries in our environments
  - Participate in investigations related to threat hunting adversaries in our environments
  - Monitor and analyse the output from many log sources including cloud services, on-premise network equipment and production platforms, recommending security actions per procedures where required
  - Perform real-time monitoring and triaging of security alerts
- Incident response:
  - Act as the first point of contact for security incidents and anomalies
  - Coordinate with other security and operations teams during incidents or investigations
  - Conduct preliminary incident triage and set the priority accordingly
  - React and respond to all real or perceived security and cyber-related incidents, threats and attacks
  - Determine and classify the severity of alerts and assess their potential impact according to the classification defined in the knowledge base
- Stay on the bleeding edge by conducting research, consulting with colleagues and attending training to maintain awareness of trends in new security threats, technologies, and regulations
- Assist in IT security investigations, red team exercises and penetration tests as needed
- Understand and operate an effective Security Orchestration, Automation and Response (SOAR) platform
- Work closely with other teams to provide mitigation recommendations to reduce the overall security risk within the organisation
- Provide ideas and feedback to improve the overall SOC capability and maturity
- Find and analyse various threat intelligence feeds
- The position is on-call through an on-call schedule using PagerDuty
Who are we looking for?
The ideal candidate will have an advanced understanding of:
- Concepts such as MITRE ATT&CK and the Cyber Kill Chain
- Monitoring non-traditional IT services such as SaaS and cloud services
- SIEM solutions such as Sumo Logic, Splunk or Elastic SIEM
- Endpoint Detection and Response (EDR) solutions such as Microsoft Security Centre or Azure Sentinel
- Advanced analysis and triaging of security logs from Windows, Linux, containers and their orchestration systems
- Malware analysis and investigation
- Implants, shells, and Command and Control (C2) infrastructures
- TCP/IP Networking, packet capturing and analysis
- Attacker infrastructure investigation using open source tooling
The following skills/experience would also be beneficial:
- Python knowledge (Jupyter Notebooks or general development skills)
- Experience of monitoring for insider threats
- Digital forensics (EnCase, FTK, etc.)
- Advanced detection engineering (complex correlation rules, cyber data science)
This role requires candidates with drive, energy and a passion for Cyber Security. Candidates will need to have attention to detail, an inquisitive mindset, and a desire to find answers. A part of this role will also include mentoring and coaching across the team.
Why should you apply?
- Highly competitive compensation plus annual discretionary bonus
- Informal dress code and excellent work/life balance
- Comprehensive healthcare and life assurance
- 25 days holiday
- 9% contributory pension scheme
- Cycle-to-work scheme
- Subsidised gym membership
- Monthly company events
- Central London office close to 5 tube stations and 6 tube lines
G-Research is committed to cultivating and preserving an inclusive work environment. We are an ideas-driven business and we place great value on diversity of experience and opinions.
We want to ensure that applicants receive a recruitment experience that enables them to perform at their best. If you have a disability or special need that requires accommodation, please let us know in the relevant section.