Manila, Philippines
27 days ago
Cybersecurity Analyst
Primary Details

Time Type: Full time

Worker Type: Employee

Primary Responsibilities

• Working experience of security design/architecture for new security applications to improve the current security posture globally for QBE
• Contribute to, monitor and advise on the planned developments and changes in order to ensure relevancy, compliance and optimal delivery
• Provide recommendations for updates to IR handling processes and procedures
• Contribute to the ongoing development of security operations “best practice” and support continuous improvement
• Provide guidance regarding security technical support, and influence peers in following best practice
• Manage the business continuity plan and information back-up procedures to ensure minimal disruption in the event of a cyber attack
• Implement security initiatives aimed at improving the existing infrastructure
• Review new security products and ascertain their suitability for the QBE environment
• Execute threat hunting activities using various proprietary and open source tools to identify current and emerging threats that pose a risk to QBE
• Build strong relationships with internal and external stakeholders to maintain and improve QBE security and enhance knowledge and information sharing
• Actively communicate with staff and third parties to correctly identify and resolve problems and manage their expectations
• Document incidents, requests and problem management information to ensure required compliance standards/SLAs are achieved
• Use security tools and resources to correlate suspicious events, provide context around the event, determine root cause, provide regular updates and recommend modifications to existing systems and procedures
• Perform deep-dive incident analysis of various data sources by analysing and investigating security related logs against short and medium-term threats and IOCs
• Execute vulnerability and web application assessments; provide analysis and recommendations to mitigate potential threats
• Proactively analyse threats to QBE’s systems, assets and business operations and provide recommendations for mitigating controls and/or remediation
• Act as a point of reference to guide and advise others to ensure the sharing of knowledge and best practice throughout the team

Required Education

• Bachelor's Degree or equivalent combination of education and work experience

Required Experience

• 3 years relevant experience

Preferred Competencies/Skills

• Good technical expertise of security solutions and technologies, including: Windows, Linux, Networking, Security Architecture experience and knowledge of packet flow/TCP/UDP traffic, Firewall and proxy technologies, cloud solutions, anti-virus, static and dynamic malware analysis techniques
• Working experience of performing analytics with different types of logs, i.e. network, active directory, database, DNS, firewall, proxies, host-based security, cloud and applications logs etc.
• Working experience in handling security incidents at all levels related to incident response
• Working experience in managing 2nd/3rd level security events
• Working experience on known SIEM and Log Correlation Tools
• Working experience on Case Management Tool
• Experience of establishing and maintaining strong relationships with global security operations colleagues and other departments, including network teams and incident managers
• Demonstrated ability to make decisions on remediation and counter measures
• Be able to communicate effectively and update senior stakeholders globally
• Excellent troubleshooting and problem-solving skills
• Highly organized, self-motivated and able to work without direction
• Able to anticipate problems and potential problems and take appropriate pre-emptive action
• Good planning and prioritization ability. Ability to manage concurrent activities with varying/conflicting priorities
• Personable, conscientious, ability to cope with pressure and to prioritise work
• Ability to analyze, define and specify customer requirements

Preferred Licenses/Certifications

• GIAC Certified Incident Handler (GCIH)
• GIAC Certified Intrusion Analyst (GCIA)
• GIAC Penetration Tester (GPEN)
• GIAC Reverse Engineering Malware (GREM)
• Certified Information Systems Security Professional (CISSP)
• Certified Cloud Security Professional (CCSP)
• Council for Registered Ethical Security Testers (CREST)
• Offensive Security Certified Professional (OSCP)

Preferred Knowledge

• Advanced understanding of tools, techniques and procedures that modern attackers use to compromise organisations.
• Demonstrable understanding of various security frameworks and methodologies such as OWASP 10, SANS TOP 25, NIST Incident Responses, CERT Model, Diamond Model, MITRE ATT&CK, and the Extended Cyber Kill Chain.

How to Apply:

To submit your application, click "Apply" and follow the step by step process.

Equal Employment Opportunity:

QBE is an equal opportunity employer and is required to comply with equal employment opportunity legislation in each jurisdiction it operates.
