Security Operations Centre Manager
FINBOURNE recognises the need to be proactive in our approach to security with respect to prevention, detection, and recovery. Information Security is at the heart of every decision made at FINBOURNE and is the responsibility of all the team.
The Security Operations Centre (SOC) Manager will be able to demonstrate an understanding of MITRE attack techniques, will ensure that information security controls are functioning as intended, and will ensure that the fallback position for information security controls have the proven reliability to allow recovery for a financial technology company which provides a Software-as-a-Service Asset Management Software System.
Experience of understanding information security controls within a cloud-based system and the trade-offs of those controls - to aid in an investigation – will be of extreme importance for this role, as is assisting FINBOURNE to prioritise information security defensive activities to further enhance FINBOURNE’s security offering.
This critical role will be focused on the capability of FINBOURNE to manage, respond and recover from an information security event, and will be expected to build/maintain relationships both inside and outside of the organisation.
The SOC Manager will generate strategic contingency plans for realistic and damaging scenarios, focussed on the current state (AS-IS) of Information Security controls for FINBOURNE. These plans will form the base position of information security use-cases and tabletop exercises, which in turn will form actionable information for our internal stakeholders and technical teams, and will drive the investment in leading information security tooling.
Job title: Security Operations Centre Manager
Location: London, UK
- Primarily responsible for security event monitoring, management, and response. Taking ownership of the FINBOURNE SIEM platform and the related processes.
- Responsive to security incidents and acting as lead security analyst in the face of any enacted threats against FINBOURNE, providing leadership as part of the function.
- Strategically building out the security operations function - contributing to the strategy, design, maturity, and optimisation of the function. Including development of security use-cases and table-top exercises.
- Developing, implementing, and maintaining security operations controls including key performance indicators (KPIs) and information security performance dashboards.
- Contribute to the development of new features and improvement of existing features.
- Review code from other members of the team.
- Develop an understanding of all areas of security and help other teams and customers with their challenges in this space.
- Research new ideas and prototype new tools and technologies.
- Operate, automate and improve our security systems and processes.
- Help further develop our automated testing systems to keep the quality of our work as high as possible.
- Contribute to and enhance our engineering practices
- Develop ways to better improve our system awareness and monitoring to identify issues and trends early.
- Share knowledge, experience and new ideas with the wider team
- Provide technical mentoring for team members
- Contribute insights that we can share with our customers and the community
What skills, experience and qualifications we require:
- You’ll have a passion for technology and have exposure to a software development environment.
- You should be well organised, and have excellent communication skills, with the ability to discuss complex topics with both technical and non-technical audiences. It is essential that you’re willing to take the time to understand a problem before making any changes. You should be able to describe the trade-offs made in any design choice and learn to improve your design choices with feedback from the wider team.
- Knowledge of Financial Services (or Asset Management specifically) would be beneficial, though not essential.
Knowledge in the following areas is essential:
- At least 5 years of experience working in a SOC or managing a SOC or an Incident Response position.
- Extensive knowledge of or experience working with security products (SIEM, SecurityHub, GuardDuty, NetFlow, IDS/IPS, Anti-Virus).
- Experience explaining the risk of security threats and creating pragmatic mitigations.
- Experience of IT security infrastructure technologies and principles.
- Understanding of the underlying protocols including HTTP, HTTPS, SMTP, SQL.
- Understanding of Networking Architecture (OSI Model) and Cloud Infrastructure.
- Understanding of security use-cases and tabletop exercises.
Programming experience in any of these areas is also highly desirable:
- C# and .NET Core (or equivalent language, e.g.: C/C++, Java)
- Exposure to industry frameworks and technologies is also highly desirable:
- Experience dealing with security incidents using the NIST or ISO frameworks.
- Git source control
- Amazon Web Services
Formal certifications are also highly desirable:
- Security+, Network+.
- SANS GCIH (GIAC Certified Incident Handler), GMON (GIAC Continuous Monitoring Certification), GDAT (GIAC Defending Advanced Threats), GCTI (GIAC Cyber Threat Intelligence).
- CISSP – Certified Information Systems Security Professional.
- CCSP – Certified Cloud Security Professional.
Additional formal certifications are also extremely desirable:
- Offensive Security Certified Professional (OSCP) certification.
- Certified Ethical Hacker (CeH) certification.
We are a young, dynamic financial technology company aiming to re-engineer the world of investing to make it clearer, faster and more cost effective for everyone.
We are looking for our future architects, engineers and ultimately leaders to join us on this journey.
At FINBOURNE, we offer a hugely supportive environment to build a career, with continuous learning and development opportunities. We have a collaborative culture of testing and exploring problems together to find the best evidence-based solutions. We respect your independent thought, your intellectual curiosity and your opinion.
FINBOURNE Technology is a Skilled Worker sponsor and we can support candidates requiring work permission if appropriate.
For more information about our culture, career development and the benefits we offer our employees, please visit our website www.finbourne.com.
Life at FINBOURNE:
Working at FINBOURNE is fast paced and exciting. The most important qualities we look for are a hunger to learn, passion for quality and a willingness to take the time to collaborate, teach and learn from colleagues.
- During your first three months with us, we encourage you and your manager to agree a 90 day plan to document your training and induction. This will give you clear objectives and ensures you’re provided with support in the areas that you require it the most.
- You’ll also have regular meetings with your manager and should expect to receive regular feedback from them.
- We run daily team stand ups so you’ll quickly get up to speed on what your colleagues are working on and be able to share your accomplishments and challenges with your team.
- We host monthly company-wide meetings where you’ll receive regular business updates and insight into our strategy.
- We host knowledge sharing sessions where employees share best practice and new ways of working. These range from fortnightly Q&A sessions about the finance industry to our weekly code craft club.
- Performance related pay: Financial rewards which can include a direct route to a financial stake in the company via our discretionary Stock Options Scheme
- Pension: We offer a choice of pension schemes with employer contributions
- Maternity, paternity and adoption leave: Paid maternity, paternity and adoption leave, which includes 13 weeks full pay for maternity and adoption leave and 6 weeks full pay for paternity leave
- Holiday: 25 days holiday plus bank holidays
- Cycle to work scheme: Buy a bike and cycling accessories out of your pre-tax salary and spread the cost over 12 months
- Flexible and remote working: We have a mature attitude towards flexible and remote working. Whether you’re a night owl, morning person, parent, carer or simply need flexibility to work a different pattern to the norm, we’re committed to helping you be productive and work in a way that is best for you
- Learning and training: We run regular internal training sessions on a wide variety of topics. These range from fortnightly Q&A sessions on the finance industry to our weekly code craft club. We also encourage employees to tailor their own development by making use of online learning tools and courses to supplement on the job training.
- Mentoring Scheme: we run an internal mentoring scheme to give employees the ability to develop and broaden their knowledge through our employee network.
- Regular company-wide socials: Before lockdown last year, team and company-wide socials happened regularly. These ranged from bowling trips, visits to the science museum, company-wide breakfasts and ski holidays. We hope to resume all of that shortly! Since lockdown we have continued to run social events including online gaming tournaments, quizzes and weekly one to one virtual catch-ups to keep everyone connected!
FINBOURNE Technology is a Skilled worker sponsor and we can support candidates requiring work permission if appropriate.
For more information about us please visit our website.