Responsibilities
• Working experience of security design/architecture for new security applications to improve the current security posture globally for QBE
• Contributes to, monitors and advises on the planned developments and changes in order to ensure relevancy, compliance and optimal delivery
• Provide recommendations for updates to IR handling processes and procedures
• Contribute to the ongoing development of security operations "best practice" and support continuous improvement
• Provide guidance regarding security technical support, and influence peers in following best practice
• Manage business continuity plan, and information back-up procedures, to ensure minimal disruption in the event of Cyber Attack
• Implement security initiatives aimed at improving the existing infrastructure
• Review new security products and ascertain their suitability for the QBE environment
• Execute threat hunting activities using various proprietary and open source tools to identify current and emerging threats that pose a risk to QBE
• Build strong relationships with internal and external stakeholders to maintain and improve QBE security and enhance knowledge and information sharing
• Actively communicate with staff and third parties to correctly identify and resolve problems and manage their expectations
• Document incidents, requests and problem management information to ensure required compliance standards/SLAs are achieved
• Use security tools and resources to correlate suspicious events, providing context around the event, determine root cause and provide regular updates and recommend modifications to existing systems and procedures
• Perform deep-dive incident analysis of various data sources by analysing and investigating security related logs against short and medium-term threats and IOCs
• Execute vulnerability and web application assessments; provide analysis and recommendations to mitigate potential threats
• Proactively analyse threats to QBE's systems, assets and business operations and provide recommendations for mitigating controls and/or remediation
• Act as a point of reference to guide and advise others to ensure the sharing of knowledge and best practice throughout the team
Required Education
• Bachelor's Degree or equivalent combination of education and work experience
Required Experience
• 3 years relevant experience
Preferred Competencies/Skills
• Good technical expertise of security solutions and technologies, including: Windows, Linux, Networking, Security Architecture experience and knowledge of packet flow/TCP/UDP traffic, Firewall and proxy technologies, cloud solutions, anti-virus, static and dynamic malware analysis techniques
• Working experience of performing analytics with different types of logs, network, active directory, database, DNS, firewall, proxies, host-based security, cloud and applications logs etc.
• Working experience in handling security incidents at all levels related to incident response
• Working experience in managing 2nd/3rd level security events
• Working experience on known SIEM and Log Correlation Tools
• Working experience on Case Management Tool
• Experience of establishing and maintaining strong relationships with global security operations colleagues and other departments, including network teams and incident managers
• Demonstrated ability to make decisions on remediation and counter measures
• Be able to communicate effectively and update senior stakeholders globally
• Excellent troubleshooting and problem-solving skills
• Highly organized, self-motivated and able to work without direction.
• Able to anticipate problems and potential problems and take appropriate pre-emptive action
• Good planning and prioritization ability. Ability to manage concurrent activities with varying/conflicting priorities
• Personable, conscientious, ability to cope with pressure and to prioritise work
• Ability to analyze, define and specify customer requirements
Preferred Licenses/Certifications
• GIAC Certified Incident Handler (GCIH)
• GIAC Certified Intrusion Analyst (GCIA)
• GIAC Penetration Tester (GPEN)
• GIAC Reverse Engineering Malware (GREM)
• Certified Information Systems Security Professional (CISSP)
• Certified Cloud Security Professional (CCSP)
• Council for Registered Ethical Security Testers (CREST)
• Offensive Security Certified Professional (OSCP)
Preferred Knowledge
• Advanced understanding of tools, techniques and procedures that modern attackers use to compromise organisations.
• Demonstrable understanding of various security frameworks and methodologies such as OWASP 10, SANS TOP 25, NIST Incident Responses, CERT Model, Diamond Model, MITRE ATT&CK, and the Extended Cyber Kill Chain.
How to Apply:
To submit your application, click "Apply" and follow the step by step process.
Equal Employment Opportunity:
QBE is an equal opportunity employer and is required to comply with equal employment opportunity legislation in each jurisdiction it operates. Job ID 300346