Security Operations Analyst

Who we are:

We’ve been changing the financial services game since we were founded in 1974, when we invented a whole new category of trading. Today, we’re the world’s No.1 spread betting and CFD provider, with operations in 20 countries across five continents and over 400,000 active clients worldwide. But we know our success is only possible because of our people, who we encourage and empower to be brave, determined and inventive. Join us if you’d like to work in an inclusive, collaborative team that will recognize your talent and allow it to shine.

Where you’ll work :

• As part of our hybrid working environment, you’ll split your time between home and the office. In this way, you’ll be able to enjoy a better work-life balance and always bring your best self to your role.

• At the office, you’ll have access to everything you’d expect from a world-class employer, such as a modern working environment, agile spaces, private quiet rooms and breakout areas. Plus, all our offices are located in iconic city centres, close to everything you might need for a rewarding working experience.

You will be working in Bangalore office. The development team is in Bangalore as well, where you will be associated . We have a flexible working culture which is shaped around the needs of our team members, including working from home and flexible working hours to accommodate personal matters.

How you’ll grow:

• Your personal and professional development are important to us.

• As a company that’s constantly redefining the boundaries of possibility, we’ll challenge you to push yourself, accelerate your ambitions and rise to new levels of excellence.

• We know that’s a big ask, so we’ll make sure that you’re supported all the way, getting the backing you need and the recognition you deserve. If you connect with our vision and can get behind it, you’ll be rewarded with countless opportunities to experience new things and enhance your abilities.

What you’ll get :

As well as having the chance to attend regular social events and join special-interest groups, you get an attractive selection of benefits working with IG: • Matched giving for your fundraising activity • Flexible working hours and work-from-home opportunities

• Performance-related bonuses

• Pension, insurance and medical plans

• Career-focused technical and leadership training in-class and online, incl. unlimited access to LinkedIn Learning platform

• Contribution to gym memberships and more

• A day off on your birthday

• Two days’ volunteering leave per year

Who you are :

• You’re upbeat and enthusiastic, and you have an open mind and a curious, can-do attitude.

• You, like us, understand the importance of collaboration and are driven to be the best in what you do.

• You embody our three core values – to champion the client, learn fast together and raise the bar.

• You want to be part of a proudly carbon-neutral company that will priorities your well being and that of the world around you, helping to create a brighter future for all.

• A company that embraces diversity and welcomes everyone with respect, regardless of race, age, sexual orientation, gender, identification, faith or culture. If you’re inspired by our way of working and can bring something new to our team of top-notch people, then you’ll find a home here.

Core functions include:

Security Monitoring

• Monitor a wide variety of security tools directly and via the SIEM as necessary to detect cyber attacks and

other unauthorized activity.

• Assist with the creation and refinement of security monitoring rules, techniques and processes.

Incident Management

• Gather data and perform the initial analysis for newly discovered security incidents, classifying and triaging as

appropriate.

• Investigate and resolve security incidents both independently and in collaboration with the wider SOC team.

• Ensure accurate logs are made of all actions during incident response activities, and produce a final report

detailing the incident timeline when required.

• Actively participate in post-incident process improvement and reporting activities.

Project Delivery

Take part in the team’s project delivery initiative, rotating between the following roles on a 1-3 monthly schedule:

• Vulnerability Management– maintain regular scans, interpret results, identify asset owners, track

remediation activities and report on the agreed SLAs.

• Security Controls Administration– maintain availability and functionality of all security controls; implement

new and advanced features where available; write technical documentation and manage changes.

• SIEM Maintenance & Content– maintain availability of the underlying infrastructure, develop new alerts,

field parsers, models and automated playbooks, and integrate new log sources where appropriate.

• Threat Intelligence & Threat Hunting– provide, develop and integrate external threat intelligence data into

the team’s detection capabilities; perform proactive threat hunts based on working hypotheses, and

implement subsequent SIEM alerts where required.

• Purple Team & Scenario Exercises– regularly test the team’s detection capabilities, develop scenario based

training, and organise purple team exercises, both in house and with third party providers.

• Insider Threat– maintain and develop the Data Loss Prevention policies in line with the company’s data

classification requirements, and implement exceptions for business approved procedures where required.

Improve the detection and response capabilities of the remaining security controls with a focus on insider

threat.

• Escalation Analyst– support analysts during incident response and take the lead in more complex

investigations; validate true positive security incidents, ensuring all playbook actions have been completed

reliably with an incident timeline populated, and provide training sessions for other analysts

Essential Skills and Attributes:

• At least 2 years of experience in an IT or security role is required - previous SOC or operational security experience is strongly preferred.

• A good understanding of technical IT concepts is required, including: Windows and Linux operating systems and system administration, Networking - including TCP/IP and other common protocols, Microsoft Active Directory, Command line interfaces and basic scripting.

• Understand the purpose and role of common technical security products, such as firewalls, anti-virus, web proxies, SIEM, IDS/IPS, DLP, and EDR.

• Basic familiarity with vulnerability scanning and penetration testing tools and techniques.

• Strong ability to focus and complete detailed tasks with high degree of accuracy.

• Able to communicate complex information clearly and logically, both verbally and in writing.

• Proficient with MS Office for general collaboration, communication, and reporting.

Desirable Skills:

• Previous experience with a SIEM or other SOC tools.

• Experience with network forensic tools, such as network sniffers and protocol analyzers.

• Experience of working in a multi-national organization.

• Experience of working in the finance or technology sectors.

• Interest in financial products, trading, or investments.

Qualifications:

A university degree in one of the following fields is preferred (but not required):

• Cyber / Information Security, Digital Forensics, Ethical Hacking

• Computer Science, Software Development, Network Engineering

• Mathematics, Physics and other STEM subjects

Other desirable certifications include:

• CISSP

• CEH, CREST, OSCP

• Security+, Network+, CySA+

• Vendor certifications for Microsoft, Linux, cloud, networking or security products

Number of openings