Marcin Grzelka, SOC Engineer

Marcin Grzelka

SOC Engineer

Undisclosed

Country
United Kingdom - London
Education
Master's degree, Cryptography
Experience
11 years, 5 months


Work Experience

Total years of experience: 11 years, 5 months

SOC Engineer at Undisclosed
  • United Kingdom - London
  • In this role since December 2019
SOC Engineer at Scottish Government
  • United Kingdom - Glasgow
  • August 2018 to December 2019

- Design, PoC and Build contingency solution for LMA (Logging, Monitoring and Alerting) solution based on ELK
- Define and implement alerting for AWS and custom tools utilised

Infrastructure Engineer at Cabinet Office
  • United Kingdom - London
  • October 2017 to August 2018

Appointed following success in the Cabinet Office to ensure the successful deployment of a new and complex analytics programme.

Cabinet Office

Consultant
  • October 2017 to August 2018

Developed new tools and techniques to enable cyber threat hunting and analysis, in addition to undertaking malware analysis and reporting.
• Collected and categorised multiple sources of Indicators of Compromise to fortify the cyber robustness of the organisation.
• Supported the provision of technical knowledge and specialist advice in the interpretation of data from a variety of sources to determine and accurately assess cyber threats.
• Delivered a highly effective cyber security analytics platform and trained stakeholders to use this on an ongoing basis.

Consultant at Deutsche Bank
  • Germany
  • September 2017 to November 2017

Appointed to improve the bank’s cyber capabilities, developing its cyber resilience to ensure business interruption is minimised in the event of an attack.
• Analysed logs and other available facts following an attack to identify Indicators of Compromise and help mitigate against subsequent incidents.
• Developed a suite of strategic and tactical intelligence, information and research products to increase understanding of cyber threats in the company, driving problem solving behaviours and mitigation activity.
• Searched, acquired and analysed the latest malware and malicious tools available to ensure the bank could be protected against these.

Consultant at HSBC
  • United Kingdom - Sheffield
  • July 2016 to September 2017

Grew HSBC’s cyber intelligence team from two people to seven spread across Strategic and Tactical divisions.
• Designed, reviewed, documented and implemented effective cyber threat intelligence processes.
• Prepared and tested TPAM, Guardium and Patrol technologies for use with the ThreatConnect threat intelligence platform.
• Configured the ThreatConnect platform, including an AWS-based solution, in-house solution and ELK stack.

Analyst at Santander
  • Great Britain
  • July 2015 to July 2016

An integral member of an inter-banking group created to protect the banking network from cyber threats, initially undertaking malware analysis before role was broadened to examine infrastructure and technology.
• Initiated and developed relationships with prominent hackers and malware developers from various regions including Eastern Europe and Latin America to gain intelligence.
• Collaborated with government and other financial institutions to understand the threat landscape and disseminated learning accordingly.
• Developed mutually beneficial information sharing relationships with the NCSC, enabling the flow of information and threat analysis between both organisations.

Consultant at Avyara Information Systems
  • Qatar
  • May 2014 to October 2014

Worked directly alongside the board of directors to research, develop, expand and improve the services offered by the intelligence solutions provider.
• Managed a team and provided training and guidance for junior investigators, penetration testers and intelligence analysts.
• Enabled new and existing clients to increase their cyber threat capabilities, supporting them with threat modelling, system network hardening and education programmes.
• Performed a range of security assessment reviews against bespoke client infrastructures in order to identify security weaknesses and determine the risk posed by potential cyber threats.

Associate at Ernst and Young LLP
  • United Kingdom - London
  • September 2013 to May 2014

Held responsibility for forensic imaging and evidence collection and computer forensic analysis of endpoints, servers and mobile devices.
• Role developed to encompass software licensing forensics, which required significant script writing and script output analysis.
• Used internal cloud, AWS and Google to design and implement CTI functionality within the team.

Intelligence Analyst at CyByL Technologies Ltd
  • April 2012 to September 2013

Managed a team of five to provide security assessment reviews, penetration tests and vulnerability assessments to improve clients’ cyber resilience.
• Provided additional support to marketing, business development and sales functions as a subject matter expert.
• Promoted to Head of Covert Intelligence and commercialised cutting-edge software packages that were then provided to clients.

Educational Background

Master's degree, Cryptography
  • at MSc Computing and Security | King’s College London
  • January 2011
Bachelor's degree, Computer Science
  • at University of East London
  • January 2010

Computing and Security

Specialties & Skills

Cloud Computing
Monitoring
Logging
BANKING
BUSINESS DEVELOPMENT
CABINET OFFICE
CUSTOMER RELATIONS
FINANCIAL
GOVERNMENT
MARKETING
NETWORKING

Languages

English
Expert
German
Expert
Polish
Expert
Russian
Expert