Cyber Operations Engineer

3 - 7 years

7 - 17 Lacs

Posted: 2 weeks ago | Platform: Naukri

Work Mode

Hybrid

Job Type

Full Time

Job Description

Role & responsibilities

  • Implement Information Protection via Microsoft Purview, i.e. Sensitivity labelling, Trainable classifiers, encryption rules.
  • Implement Data Loss Prevention Policies.
  • Implement Data Lifecycle & Records Management, i.e. retention labels and policies.
  • Monitor & Investigate with Microsoft Purview, i.e. Audit logs in Sentinel, eDiscovery, etc.
  • Implement, Manage and monitor Insider Risk processes, policies, alerts and adaptive protection configuration.

Foundational Responsibilities:

Monitoring and Analysis:

  • Monitor security events and alerts generated by various security tools and technologies.
  • Analyze security logs, network traffic, and other relevant data sources to identify potential security incidents or breaches.
  • Investigate and respond to security alerts in a timely manner, escalating as necessary to ensure appropriate action is taken.

Incident Response:

  • Coordinate and participate in incident response activities, including containment, eradication, and recovery efforts.
  • Document and communicate incident details, actions taken, and lessons learned to improve response processes and prevent future incidents.
  • Collaborate with cross-functional teams to mitigate security risks and ensure business continuity.

Vulnerability Management:

  • Conduct regular vulnerability assessments and scans across the organization's systems and networks.
  • Prioritize and remediate identified vulnerabilities based on risk assessment and severity levels.
  • Coordinate with system owners and stakeholders to ensure timely patching and mitigation of vulnerabilities.
  • Develop and maintain vulnerability management processes and procedures to ensure effectiveness and efficiency.

Threat Intelligence:

  • Stay abreast of the latest cyber threats, vulnerabilities, and attack techniques.
  • Research and analyze threat intelligence feeds to proactively identify emerging threats and vulnerabilities that may impact the organization.
  • Provide recommendations for security enhancements based on threat intelligence insights.

Security Operations Enhancement:

  • Assist in the development, implementation, and enhancement of security operations processes, procedures, and controls.
  • Contribute to the tuning and optimization of security tools and technologies to improve detection and response capabilities.
  • Conduct periodic security assessments and audits to ensure compliance with security policies, standards, and regulations.

Training and Awareness:

  • Develop and deliver security awareness training and educational materials for employees to promote a culture of security awareness and best practices.
  • Provide guidance and support to internal stakeholders on security-related matters, including incident reporting and response procedures.

Influence And Decision-Making Authority:

  • Operating within practices and procedures covered by precedent or well-defined policies; end results will be subject to review. The job will contain a variety of activities and clear short-term objectives.
  • The job holder may determine their own priorities whilst meeting clear outcomes. Explains policies, practices and procedures of the job area to parties within and outside of own job function.
  • May have responsibility for communicating with parties external to the organisation (e.g., customers, vendors, etc.). Typically, not required to influence parties or set up policies, standards or procedures.

Job Requirements & Capabilities

  • Bachelor's degree in computer science, Information Security, or a related field (or equivalent work experience).
  • SC-400: Microsoft Information Protection and Compliance Administrator Associate or SC-401 Microsoft 365 Information Protection Administrator

Job specific capabilities/skills:

  • 3-4 years of experience in a cyber security operations role, with hands-on experience in security monitoring, incident response, vulnerability management, and threat intelligence analysis.
  • This is a specialist role in information protection and therefore expertise in setting up configurations in Office365 Purview DLP, Insider Risk management, Data Labelling, eDiscovery and data retention policies is a top priority.
  • Excellent IT skills, including knowledge of computer networks, operating systems, software, hardware and security.
  • An ability to work under pressure, particularly when dealing with threats and at times of high demand.

Cielo Talent

Human Resources Services

Wauwatosa Wisconsin
