Security Architect, Orchestration & Automation

Salary:
60,951 P.A. ?
Location:
Belfast
Company:
Baker & McKenzie Solicitors

Description

Closing Date: 13th November 2020

Location: Belfast

The Security Architect, Orchestration & Automation will be responsible for integrating and connecting disparate security toolsets in an effort to achieve synergies that improve the overall effectiveness and efficiency of the Firm’s security operations.

The Security Architect, Orchestration & Automation will apply SOAR principles to existing Firm systems and actively seek new opportunities to implement these principles across technical teams and platforms. Direct technical support of key SOAR infrastructure, including development and maintenance of supporting tools, scripts, dashboards, and metrics, is required.

The role exists to protect the confidentiality, integrity, availability, and recoverability of information, systems and facilities in compliance with organizational policies and standards.

Responsibilities:

* Critically analyze proposed and existing solutions for adherence to the Firm's design requirements, including requirements resulting from the ISMS Policy, client contracts, the regulatory environment, and professional obligations

* Provide expert counsel to constituents regarding their information security obligations and facilitate an acceptable outcome based upon the tenets of the Firm's Risk Management Framework; frequent interfacing with technical, legal, and business operations personnel is expected

* Architect, implement and support event management and logging solutions identified as necessary for the protection of Firm assets

* Integrate and connect disparate systems to achieve synergistic incident detection, reporting, and response outcomes

* Seek new opportunities for the application of SOAR technologies, principles and concepts across technical teams, processes, and systems

* Develop, maintain and support key SOAR infrastructure, including toolsets, scripts, dashboards and metrics

* Work closely with key constituents, such as SOC/IR, to deliver SOAR capabilities consistent with design requirements

* Provide input, create documentation, and review information security policies and procedures

* Utilize common security toolsets (SIEM, sniffer, IDS, etc.) to identify issues and analyze compliance with existing policies and procedures

* Provide high quality, business-level reports to management

* Contribute to the Firm's security-related information repositories (web, database, SharePoint)

* Monitor and report on compliance with the Firm’s information security policies and procedures

* Monitor internal control systems to ensure that appropriate information access levels and security clearances are maintained

* Stay abreast of the threat, capability, and technology landscape

* Report compliance failures to appropriate management for immediate remediation

* Participate in the definition of the organization’s IT disaster recovery and continuity plans for security event management systems

* Serve as an internal information security consultant and mentor regarding security event logging to the Security Team and other constituents by monitoring information security technologies and trends, providing expert guidance, and assisting with knowledge development/mentoring activities

* Serve as a 3rd-level support resource for the purposes of ticket resolution and change management activities

* Analyze, recommend, and implement controls as determined necessary by management

* Support Firm standard security applications, utilities, and processes. Utilize remote control and remote access software in the performance of duties

* Utilize standard security tools such as a SIEM, IDS and other event logging systems.

Experience Required

Skills and Experience:

* Computer Science Bachelor’s Degree or substantial equivalent experience

* Extensive professional experience with advanced IT and information security systems, including TCP/IP networking, scripting, and incident handling

* Substantial proven experience of designing and implementing cyber security solutions in a large enterprise

* Strong experience managing SIEM deployments

* Experience of using scripts or other SOAR tools to automate security practices

* Strong experience acting in a security advisory capacity to multiple constituencies

* CISSP, SSCP, CISM, CRISC, CISA, or CGEIT preferred

* SANS GPYC or equivalent coding experience beneficial

* Expert understanding of security concepts, technologies, controls, and best practices

* Working knowledge of information security frameworks such as ISO27001, NIST, and CIS

* Ability to synthesize contract language and convert such language to controls

* Authoritative understanding of security threats, qualitative and quantitative risk valuation models, and effective tools, tactics, and techniques for risk reduction

* Expert understanding of SIEM/SOAR concepts and toolsets, including how to architect, automate, and integrate effectively with Incident Response

* Masterful understanding of collecting and utilizing security event telemetry and threat intelligence sources to protect critical assets

* Authoritative understanding of data communications and information systems hardware and software

* Authoritative understanding of principles, theories, techniques, and methods of information system analysis and programming, particularly secure coding practices

* Thorough knowledge of data processing and data communications concepts and services

* Working knowledge of encryption technologies and standards, both at-rest and in-flight

* Familiar with BCP/DR concepts and practices

* Thorough knowledge of computer monitoring systems, endpoint security controls, vendor-supplied packaged programs, macros, utilities, and other highly technical programs

* Expert analysis skills, including the gathering and analyzing of facts, formulating objective conclusions modified by subjective and experience-based qualifiers when appropriate, defining problems, and promoting solutions

* Ability to adapt, integrate, and modify existing programs or vendor-supplied package programs for use with existing information systems

* Proficient in the delivery of training and informational sessions to technical and non-technical constituencies

* Proficient in oral and written English

* Ability to be productive and maintain focus without direct supervision