Cyber Security Professional - Spain Operations
A Coruña, Spain
Why this job matters
The role holder will be responsible for the in-life delivery of a 24x7x365 commercial Cyber Security Operations Centre (CySOC) capability to specific customers, against contractual SLAs underpinned by specific KPIs. Team members perform their responsibilities on a scheduled 24x7x365 shift rota. Team members will work with the existing security systems and technologies and other core network security products. Team members must complete awareness training and apply compliance with BT policy and standards as well as CySOC policies, which are more rigorous than BT's policy definitions of Confidential and Highly Confidential. You will maintain relationships with people at an operational level, always in keeping with the BT code: support, respect and appreciate each other.
What you’ll be doing
Manage the complete security incident process: detection, analysis, response and remediation.
For P1 and P2 security incidents and major global security incidents, apply immediate escalation as defined in the security incident process.
Monitor and assign the correct category to every security incident, identifying true and false positives based on the corresponding use cases in production.
Complete the full process of:
Case registration in the ticketing system.
Initial event investigation
Basic triage activities
Interaction and communication with customers in detection, analysis, response and remediation activities.
Ensure the quality of the response, supporting elements of the investigation and resolution as required, and where necessary report incidents involving potential or actual breaches of protective security compliance.
Responsible for ensuring that the SLAs defined for every type of security incident, per customer, are met.
Discipline and deep know-how to follow the defined process and documentation so that the defined quality parameters are met.
Manage escalation to security specialists and SOMs according to the measures defined for each security incident type.
Initiative, proactivity and anticipation in reporting improvements or gaps detected in the process.
Must progressively build the skills and dynamism needed to manage the systems and tools required to deliver the service with agility.
Skills required for the job
Customer focus: Ability to meet the customers’ needs in line with the business requirements.
Result-orientation: Focusing on the objectives and the required outcomes of the processes while delivering a service.
Teamwork: Working with a cooperative and positive attitude in a group setting to achieve common goals.
Taking ownership: Taking the responsibility and taking care of the consequences of making a decision.
Analytical mindset: Using all data and information available to analyse and understand a situation, to support decisions.
Attention to detail: Focusing on all aspects and details of a task and delivering your output with a high level of accuracy.
Ability to think outside the box, considering adjacent environments and understanding the roles/responsibilities of related stakeholders (mainly the customer).
Language: Fluent in Spanish and English; other languages will be recognized as an advantage.
Knowledge of security management, network and information security, people security, and the running of one or more services within a Security Operations Centre.
Deep knowledge:
Knowledge of the TCP/IP protocol suite, DHCP, DNS, LAN/WAN and operating system concepts.
Network security knowledge, including remote access, DMZ architecture, network monitoring, intrusion detection and web server security.
Knowledge of SIEMs and security log management:
Preferred SIEM systems: QRadar, LogRhythm, Sentinel, McAfee and Splunk.
Other preferred SIEM systems: ArcSight, FortiSIEM and syslog.
Experience you would be expected to have
Minimum of 1 year of experience in security operations, preferably in CySOC teams or equivalent in a CNOC/NOC, handling security incidents and investigations, with a quick grasp of the logic and application of use cases.
Demonstrated experience working with commonly used malware sandboxes.
Good understanding of memory forensics, exploits and attacks.
Good understanding of open source penetration testing tools.
Understanding of cyber threats and how intelligence is used by security appliances and operators.
Understanding of host and network forensic artifacts and indicators of compromise.
Demonstrated knowledge of phishing and fraud, based on fraudulent email analysis and the management of dedicated tools for this purpose, such as:
FireEye ETP
Forcepoint
Proofpoint
Cisco Email Security
Symantec Email Security