Threat Intelligence Manager
FINBOURNE recognises the need to be proactive in our approach to security with respect to prevention, detection, and recovery. Information Security is at the heart of every decision made at FINBOURNE and is the responsibility of all the team.
The Threat Intelligence Manager will be able to demonstrate an understanding of MITRE attack techniques and threat groups' TTPs (tactics, techniques, and procedures), and an understanding of how best to represent and prioritize these threats in a financial technology company which provides a Software-as-a-Service product to some of the world’s largest financial institutions.
Experience of using threat hunting concepts and a broad knowledge of OSINT (open-source intelligence) tools to aid in an investigation will be important for this role, as will assisting FINBOURNE to prioritise information security defensive activities to further enhance FINBOURNE’s security offering.
This critical role will be expected to build and maintain key relationships both inside and outside of the organisation and will be experienced in the execution of duties relating to threat intelligence, often bringing to bear comprehensive threat assessments and viewpoints of cyber threats from a local, regional and global perspective.
The Threat Intelligence Manager will also be able to collate multiple sources of information and, supported by investment in leading security tooling, create actionable insights for our internal stakeholders and technical teams. Furthermore, by contributing to the development of an in-house threat intelligence capability, this role will be able to identify and build robust IoCs (Indicators of Compromise) that authoritatively detect and respond to emerging cyber threats.
Job title: Threat Intelligence Manager
Location: London, UK
- Research, evolve, develop, and advise on the tactics, techniques, and procedures (TTPs) used by threat actors in order to improve FINBOURNE's information security controls.
- Conduct horizon scanning of the threat intelligence landscape (operational and tactical).
- Research threats for characteristics of Indicators of Compromise (IoC), with a view to developing/defining IoCs to support any internal threat hunting activity.
- Contribute to the design and evolution of platform security features for use by customers.
- Review code from other members of the team.
- Develop an understanding of all areas of security and help other teams and customers with their challenges in this space.
- Research new ideas and prototype new tools and technologies.
- Operate, automate and improve our security systems and processes.
- Help further develop our automated testing systems to keep the quality of our work as high as possible.
- Contribute to and enhance our engineering practices
- Develop ways to better improve our system awareness and monitoring to identify issues and trends early.
- Share knowledge, experience and new ideas with the wider team
- Provide technical mentoring for team members
- Contribute insights that we can share with our customers and the community
What skills, experience and qualifications we require:
You’ll have a passion for technology and have exposure to software development skills utilised within back end systems.
You should be well organised and have excellent communication skills, with the ability to discuss complex topics with both technical and non-technical audiences. It is essential that you’re willing to take the time to understand a problem before making any changes. You should be able to describe the trade-offs made in any decisions and be willing to learn and improve with feedback from the wider team.
Knowledge of Financial Services (or Asset Management specifically) would be beneficial, though not essential.
Knowledge and experience in the following areas is essential:
- At least 5 years of experience working in a SOC or Incident Response position.
- Extensive knowledge of or experience working with security products (SIEM, IDS/IPS).
- Experience explaining the risk of security threats and creating pragmatic mitigations.
- Experience of general IT infrastructure technologies and principles.
- Understanding of the underlying protocols including HTTP(S), SMTP, TCP, SSL/TLS.
- Understanding of Networking Architecture (OSI Model) and Cloud Infrastructure.
- Understanding of OSINT (open-source intelligence).
- Understanding of tactics, techniques, and procedures (TTPs) and MITRE attack techniques.
Programming experience in any of these areas is also highly desirable:
- C# and .NET Core (or equivalent language, e.g. C/C++, Java)
- Git source control
Exposure to industry frameworks and technologies is also highly desirable:
- Experience dealing with security incidents using the NIST or ISO frameworks.
- Amazon Web Services
The following formal certifications are also highly desirable:
- Security+, Network+.
- SANS GREM (GIAC Reverse Engineering of Malware), GDAT (GIAC Defending Advanced Threats), GCTI (GIAC Cyber Threat Intelligence).
- CISSP – Certified Information Systems Security Professional.
- CCSP – Certified Cloud Security Professional.
- Offensive Security Certified Professional (OSCP) certification.
- Certified Ethical Hacker (CEH) certification.
We are a young, dynamic financial technology company aiming to re-engineer the world of investing to make it clearer, faster and more cost effective for everyone.
We are looking for our future architects, engineers and ultimately leaders to join us on this journey.
At FINBOURNE, we offer a hugely supportive environment to build a career, with continuous learning and development opportunities. We have a collaborative culture of testing and exploring problems together to find the best evidence-based solutions. We respect your independent thought, your intellectual curiosity and your opinion.
FINBOURNE Technology is a Skilled Worker sponsor and we can support candidates requiring work permission if appropriate.
For more information about our culture, career development and the benefits we offer our employees, please visit our website: www.finbourne.com.
Life at FINBOURNE
Working at FINBOURNE is fast paced and exciting. The most important qualities we look for are a hunger to learn, passion for quality and a willingness to take the time to collaborate, teach and learn from colleagues.
- During your first three months with us, we encourage you and your manager to agree a 90 day plan to document your training and induction. This will give you clear objectives and ensure you’re provided with support in the areas where you require it the most.
- You’ll also have regular meetings with your manager and should expect to receive regular feedback from them.
- We run daily team stand ups so you’ll quickly get up to speed on what your colleagues are working on and be able to share your accomplishments and challenges with your team.
- We host monthly company-wide meetings where you’ll receive regular business updates and insight into our strategy.
- We host knowledge sharing sessions where employees share best practice and new ways of working. These range from fortnightly Q&A sessions about the finance industry to our weekly code craft club.
- Performance related pay: Financial rewards which can include a direct route to a financial stake in the company via our discretionary Stock Options Scheme
- Pension: We offer a choice of pension schemes with employer contributions
- Maternity, paternity and adoption leave: Paid maternity, paternity and adoption leave, which includes 13 weeks full pay for maternity and adoption leave and 6 weeks full pay for paternity leave
- Holiday: 25 days holiday plus bank holidays
- Cycle to work scheme: Buy a bike and cycling accessories out of your pre-tax salary and spread the cost over 12 months
- Flexible and remote working: We have a mature attitude towards flexible and remote working. Whether you’re a night owl, morning person, parent, carer or simply need flexibility to work a different pattern to the norm, we’re committed to helping you be productive and work in a way that is best for you
- Learning and training: We run regular internal training sessions on a wide variety of topics. These range from fortnightly Q&A sessions on the finance industry to our weekly code craft club. We also encourage employees to tailor their own development by making use of online learning tools and courses to supplement on the job training.
- Mentoring Scheme: we run an internal mentoring scheme to give employees the ability to develop and broaden their knowledge through our employee network.
- Regular company-wide socials: Before lockdown last year, team and company-wide socials happened regularly. These ranged from bowling trips, visits to the science museum, company-wide breakfasts and ski holidays. We hope to resume all of that shortly! Since lockdown we have continued to run social events including online gaming tournaments, quizzes and weekly one to one virtual catch-ups to keep everyone connected!