Intermediate Global Security Operations Centre Analyst

at Aegon

Edinburgh, Scotland, United Kingdom

Start Date: Immediate
Expiry Date: 19 Nov, 2024
Salary: GBP 43900 Annual
Posted On: 06 Nov, 2024
Experience: N/A
Skills: Good communication skills
Telecommute: No
Sponsor Visa: No

Description:

Intermediate Global Security Operations Centre Analyst
Permanent
Location: Edinburgh (hybrid working available)
Expected starting salary: £35,120 - £43,900
Closing date: 19th November 2024
Who we are:
Global Technology Services (GTS) is Aegon’s global IT partner, providing infrastructure services, information security, and global/corporate application support for Aegon’s businesses worldwide. From six locations in the US, the Netherlands, UK, and Hungary, we support over 20 country units and more than 24,000 employees globally. Our support includes a wide range of centralised global IT services such as programming, database management, project management, agile/dev/ops, and more.
We continue to maximise the value from having a clear digital and data technology platform strategy that extends our ecosystem, enhancing customer experience and improving operational efficiency. All of these teams work closely together to provide innovative and digital solutions as well as critical technology support. This is essential for enabling Aegon’s businesses around the globe to be innovative, digital, competitive, efficient, and effective, and to provide the best solutions and customer experience for our customers and shareholders.
The Job:
We are seeking a dynamic Security Operations Centre (SOC) Analyst to join our team. This role requires a broad understanding of cybersecurity principles, investigation techniques, and incident response practices. You will be responsible for responding to security alerts, triaging incidents, and participating in the full incident response lifecycle. Collaboration with multiple teams and stakeholders is essential to review security alerts and participate in threat hunts, purple team exercises, and declared incident responses.

What You Will Do:

  • Respond to security alerts from SIEM, automation platforms, security controls, and other teams to identify relevant connections and triage security events
  • Review and analyse forensic and cybersecurity event data related to security incidents
  • Coordinate cross-functional cybersecurity and incident response events
  • Work on projects for ISS, either as a primary or supporting role
  • Correlate threat intelligence to enhance understanding of threat vectors, attack processes, fraud actors, and malicious cyber behaviour
  • Assist the threat intelligence function with open-source threat research and analysis
  • Develop and distribute root cause analyses to gain shared understanding and agreement on attack, containment, remediation steps, process changes, and technical control implementations
  • Work with business leaders and client management organisations to explain and level-set security event issues and concepts

We’d love to hear from you if you have:

  • Experience in conducting or leading security event triage, incident response activities, or cyber investigations
  • Knowledge in one or more cybersecurity domain areas: incident response and management, application awareness, identity awareness, identity and access management, data handling and classification, web application firewalls, next-gen firewalls, network zoning and segmentation, cyber resiliency, secure coding, fraud investigation and response, multi-factor authentication, DLP, forensics, security within SDLC
  • Real-world experience in Enterprise Detection and Response (EDR) from monitoring and response to custom building rules
  • Experience in threat intelligence and persistent threat management, incident response, and/or crisis management
  • Ability to work independently and make quick decisions based on available information
  • Ability to define and communicate complex technical risk problems, concepts, and situations to multiple skill levels, including business personnel with little to no cyber experience
  • Familiarity with programming languages such as Python, along with basic knowledge in shell scripting and proficiency in log search queries and techniques
  • Self-motivated with strong self-management skills and a continuous learning mindset

It’d also be great – but not essential – if you’ve got:

  • Active or pursuing CompTIA Security+, CEH, CHFI or CISSP certifications
  • Experience with systems such as ServiceNow, JIRA, Splunk, and equivalent
  • Proficiency in Excel and PowerPoint is highly preferred

What’s in it for you?

  • A competitive starting salary from £35,120 - £43,900, depending on the experience you can bring
  • A non-contributory pension between 8%-12%
  • A discretionary bonus, depending on personal and company performance
  • 34 days leave per year (including bank holidays, pro-rated for part-time)

We also offer private medical cover, life assurance, critical illness cover, enhanced parental leave, and a variety of lifestyle benefits to help our staff live their best lives, including retail discount vouchers, cycle-to-work scheme, subsidised restaurant, and online GP appointments.
The legal bits
We’ll need you to confirm you have the right to work in the UK. If we offer you a job and you accept, there are some checks we need to complete before you can start with us. This will include a credit and criminal record check, as well as providing satisfactory references.
Cifas Short Fair Processing Notice (applies to UK-based candidates only)
The personal information we have collected from you will be shared with Cifas, who will use it to prevent fraud, other unlawful or dishonest conduct, malpractice, and other seriously improper conduct. If any of these are detected, you could be refused certain services or employment. Your personal information will also be used to verify your identity. Further details of how your information will be used by us and Cifas, and your data protection rights, can be found by visiting www.cifas.org.uk/fpn.
Equal Opportunity Employer:
We are an equal opportunities employer and welcome applications from all suitably qualified persons regardless of their age, disability, race, religion/belief, gender, sexual orientation or gender identity.


REQUIREMENT SUMMARY

Min: N/A, Max: 5.0 year(s)

Information Technology/IT

IT Software - Network Administration / Security

Other

Graduate

Proficient

1

Edinburgh, United Kingdom