Senior Cybersecurity Engineer - London, N1C 4AG

Senior Cybersecurity Engineer - London, N1C 4AG, United Kingdom

The A Side: A Day in The Life

The Senior Cybersecurity Engineer role is part of the Security Operations team that will, manage, maintain, design, configure, and document security tools, systems, and processes. The successful candidate will report to the Senior Vice President Global Cybersecurity & Crisis Management. We are looking for a highly motivated individual with strong experience working in a senior role on security solutions and incident response in an enterprise environment. The role will support the Global Security Office (GSO) mission of security and reliability by working across the organization to lead response to security events and incidents by effectively conducting triage, containment, remediation and driving post-incident improvements. The position works closely with technology, application teams and business units. The Senior Cybersecurity Engineer will support other efforts in the SecOps, Insider Threat & Business Resiliency teams and work closely with other team members in the Global Security Office (GSO). This role will allow learning and growth on various security technologies.

The B Side: Skills & Experience

Be Collaborative

• Lead and support the response to all security events and incidents across UMG’s global infrastructure, services and applications
• Lead projects, planning, controlling, executing, and closing assigned projects to produce required deliverables

Be Organised

• Be responsible for documentation of incidents and projects you work on and craft best practices as runbooks and standard operating procedures to share knowledge across teams
• Support projects end-to-end that will improve UMG’s Threat Detection and Response (TDR) capabilities and initiatives
• Ensure compliance with internal policies, standards, and regulatory requirements
• Perform other duties as assigned
• Own the security incident lifecycle, respond to incidents and participate in on-call rotation for security incident

Be Technical

• Work to improve UMG’s security and reliability posture by driving identified improvements from security events and incidents
• Rapidly acquire new technical skills and knowledge in a fast-paced, highly disruptive music industry environment
• Understand security vulnerabilities, attacker exploit techniques, and methods for their remediation
• Execute on the vision and develop creative innovative approaches to accelerate threat response and remediation of security incident
• Administer security tools and technologies
• Automate triage, analysis, response, and remediation tasks and processes with code, APIs, and SOAR tools. Contribute to the creation and tuning of detection rules
• Maintain security systems (Linux, Windows, etc.) E.g., install security patches, OS updates, etc
• Collect and review systems and application security logs from all systems (Firewalls, OS, Email, IDS, Splunk, etc) take action to mitigate any threats based on findings
• Conduct log analysis across a diverse ecosystem of technology (operating systems, internally developed web apps, software-as-a-service apps, cloud infrastructure)
• Perform forensics activities and root cause analyses
• Participate in the assessment of network design/architecture, development, and implementation of any new application or service
• Conduct Vulnerability Assessments as required
• Assess and triage potential security incidents. Coordinating and leading response to high impact security incidents
• Lead efforts to detect and analyze malicious software and work with vendors and teams

Person Specification

Necessary

• Strong systems engineering experience and cybersecurity work with a focus on incident response, digital forensics, security engineering, and/or intrusion detection
• Strong interpersonal skills, communication and presentation skills
• Ability to take initiative and work proactively with minimal supervision
• Strong technical foundation, including expertise in Systems and Network Administration, Windows Clients and Servers, Linux environments
• Team player with strong interpersonal skills and a professional attitude
• Experience with SOAR and EDR tools
• Experience working with Python and Linux shell scripts and regex
• Proficient in Microsoft Office products (Word, Excel, Visio, PowerPoint)
• Experience with threat Intelligence, conducting research on emerging threats, identifying and deploying solutions to prevent such threats occurring working with the team
• Experience with log analysis and forensic tools
• Experience monitoring and responding to security incidents involving traditional (Windows, Mac, Linux) and cloud-based infrastructure (AWS, GCP, and/or Azure)
• Expertise in handling complex security investigations
• Ability to work ‘non-standard’ hours, to overlap as needed with colleagues and stakeholders in other global locations, participate in SecOps on-call rotation, including weekend and holiday hours
• Experience leveraging automation to improve operational security metrics and dashboards by identifying security response gaps in systems, services and processes and propose and deliver solutions to close security monitoring gaps
• Excellent analytical and problem-solving skills. Knowledge about exploits, vulnerabilities, network attacks
• Solid understanding of information security related standards, analysis frameworks (MITRE ATT&CK, Kill Chain, NIST Incident Response, etc.) and technologies. The ability to learn new technology and concepts quickly
• Ability to work under pressure and handle multiple projects with tight deadlines across a global enterprise
• Experience with information security SIEMs, vulnerability scanners and application scanners
• Must be proficient with Linux administration
• Ability to construct basic Boolean logic and regex search strings
• Familiarity with enterprise security controls and security best practices for Windows, Linux, and Mac systems