The Senior Security Analyst role will be working within our Security Operations Centre (SOC) to detect potential security incidents and drive an effective response.
Day to day, you will be performing in-depth analysis and investigation of security alerts across our internal infrastructure and online platforms as well as responding to incidents together with our SOC team whilst maintaining and optimising our SOC tooling.
The main duties of the Senior Security Analyst will be:
Performing in-depth investigation and analysis of security alerts to identify and promptly respond to security incidents.
Conducting analysis of artefacts to support incident investigation.
Consuming relevant threat intelligence to drive proactive action within the SOC and wider IT environment.
Collaborating with key stakeholders during investigations to gather further information and coordinate response actions.
Providing insight on the security events, alerts and incidents we handle to the wider Cyber Security team.
Collaborating with the wider Cyber Security team to identify and plan improvements post incident.
Maintaining a broad understanding of IT/online environments and key company assets to enhance decision making and response to incidents.
Maintaining and optimising SOC tools and automation platforms to continuously improve our detection and response capability.
To perform in-depth investigation and analysis of security alerts triggered by the different security controls deployed across our corporate environment and online platforms at the network, host, and application layers within the established SLAs
To lead and / or participate in the response to security incidents that stem from the investigation of security alerts.
To act as support and escalation point for security analysts.
To effectively communicate security alerts and incident status updates to relevant stakeholders.
To conduct Post Incident Reports (PIRs) and identify improvement opportunities.
To maintain and optimise SOC tools and automation platforms to continuously improve our detection and response capability. This includes crafting security rules based on traditional heuristics and machine-learning, etc.
To work with third-party providers to enhance existing security tools.
To document any modifications to SOC processes and tooling within our SOC playbook as appropriate.
To maintain familiarity with the global threat and vulnerability landscape.
Director of Cyber Security, Director of Technical Security, SOC Manager, IT and Online Operations teams, Studio and Development teams, Analytics, Data Protection Officer.
Knowledge & Experience:
The successful candidate must be able to demonstrate a passion and motivation for the role, demonstrating the following qualities:
Intuition to spot the unusual.
Attention to detail.
Ability to adapt to a changing environment.
Desire to continuously optimise through use of scripting and automation.
Effective communication skills with non-technical stakeholders and executives.
Desire to document and share knowledge.
Calmness under pressure, particularly during response situations.
Ability to work well within a distributed global team.
Availability to work out-of-office hours and remotely, when necessary.
It would be desirable for the candidate to have the following experience:
Held prior position(s) within a SOC or security team.
Relevant certifications such as GCIH, GCIA, GCDA, GCED, GDAT, GCFA, GCTI.
It would also be desirable for the candidate to have:
Experience responding to or handling major cyber security incidents.
Experience in designing and developing Security Operations capabilities
Competencies, Skills & Attributes:
The successful candidate should be able to demonstrate general knowledge and experience in some of the following areas:
Querying and analysing structured log data using appropriate query languages.
Building re-usable visualisations / dashboards for security alert triage.
Configuration, tuning and maintenance of SOC tools (e.g., SIEM, Endpoint Detection & Response, Security Orchestration, Automation and Response platforms, etc.)
Maintaining signature-based and anomaly alerts for SIEM solutions.
Programming and scripting skills, including complex regular expressions.
Working knowledge of common security vulnerabilities and exploits.
Familiarisation with common Incident Response frameworks such as NIST.
Strong appreciation of the cyber threat landscape and attacker tactics, techniques and procedures.
Developing operational processes and playbooks.
The candidate must be willing to provide support outside working hours, including weekends, under a short notice period.
The candidate must be willing to commute to the office location under a short notice period.
Our goal at Square Enix is to hire, retain, develop and promote the best talent, regardless of age, gender, race, religious, belief, sexual orientation or physical ability.
Our pledge to D&I
At Square Enix we believe in the importance of being a diverse and global company, and we stand firmly together against any forms of injustice, intolerance, harassment or discrimination. In our effort to create a truly diverse workforce, we pledge to continue to raise awareness in every step of the employee experience, from recruitment to promotions to ensure equal opportunities for all. One of our goals is to champion diversity in games and at work and work together to inspire real change.
Learning and education around D&I will be a key element for us to continue to grow as an organization. With unconscious bias training, D&I workshops and a variety of initiatives to give our employees the opportunity to be heard and be part of that change to achieve real equality. We need all our efforts to continue to build our culture of inclusion and equality.
We are also proud to partner with UKIE's Raise the Game pledge, BAME in Games and Women in Games, to name a few.
Covid-19 remote working
Square Enix are committed to keeping our employees safe. We are listening closely to government guidelines, and this role will be based remotely until the company sees fit to return to the office. This role will be based in our Blackfriars Studio in London, upon return.