Senior CTOC Analyst

Harbourside 2, United Kingdom

Hargreaves Lansdown

Hargreaves Lansdown is an award-winning investment and active saving service that can save you time and money - explore our ISAs, pensions, investments and active savings accounts.


Excited to grow your career?

Our purpose is to make it easy for people to save and invest for a better future. We are looking for great people to join us, so please come and invest in YOUR future at Hargreaves Lansdown.

We know that sometimes people can be put off applying for a job if they don't tick every box. If you're excited about working for us and have most of the skills or experience we're looking for, please go ahead and apply. We’d love to hear from you!

About the role

The Senior CTOC Analyst (Cyber Threat Operations Centre) will join an experienced team of security analysts and provide technical expertise to investigations and incidents. The role focuses on handling escalations from the team for alerts or incidents that require deeper technical analysis, which should lead to recommendations and improvements. You will also be responsible for the team's proactive Threat Hunting and Detection Engineering capabilities. These are heavily technical functions which require a deep understanding of our toolset and query language, and of the tools, techniques and procedures (TTPs) used by threat actors.

What you’ll be doing

  • Provide detailed and in-depth analysis of security incidents ensuring they are properly documented and escalated as required.
  • Act as the escalation point for security incidents that have been processed by the CTOC Analysts.
  • Write detailed incident reports which are consumable by audiences of varying technical understanding.
  • Support the Incident Response function by providing technical guidance and analysis on active or ongoing incidents.
  • Respond to requests for Threat Hunting, and proactively run threat hunts based on incidents and activity seen during daily operations.
  • Maintain SME level knowledge and expertise for security platforms which are in use by the CTOC and proactively develop skills as required.
  • Work with our SIEM and cloud security solutions to investigate threats, deliver or recommend countermeasures, and perform advanced network and host analysis in the event of a compromise.
  • Design, build and deploy threat-driven detections within the SIEM platform in line with internal processes.
  • Maintain and update the existing detections as required, ensuring they are fit for purpose, tested and validated.

About you

  • Proven experience in a security operations role, or technical security role, supporting incident investigations and remediation activities.
  • Excellent security analysis skills utilising SIEM technologies and query languages for advanced analysis and threat hunting.
  • Ability to research and deploy new threat-driven detections into the SIEM environment.
  • Coding and scripting.
  • Demonstrated experience of working within hybrid cloud environments.
  • Up to date knowledge of current threats, vulnerabilities, and attack trends.
  • Demonstrated experience with enterprise networking and operating systems, with an understanding of networking principles (TCP/IP, DNS, VPN, etc.).
  • Strong knowledge of network security technologies such as firewalls, IDS/IPS, NX Agents.
  • Strong knowledge of common operating systems (Windows, Linux, macOS) and their security features.

Interview process

This will be a two-stage interview process, including an introductory call and a competency-based interview.

Working Schedule

We are based in Bristol, BS1 5HL. This role is permanent, full time, 37.5 hours per week, Monday to Friday. We have returned to the office; however, for this role we offer a flexible working pattern that gives you the option of working from home and coming into the office around once/twice a month.

Why us?

Here at HL, we’re the UK’s number 1 investment platform for private investors, based in Bristol. For more than 40 years we’ve helped investors save time, tax and money on their investments.

To achieve our mission, we believe we have a workplace like no other, with constant learning, dynamic teams, and a great ethos. We're steered by core values that promote service, quality, innovation, and opportunity in everything we do.

What's on offer?

  • Discretionary annual bonus* and annual pay review
  • 25 days* holiday plus bank holidays and 1-day additional Christmas closure
  • Option to purchase an additional 5 days holiday**
  • Flexible working options available, including hybrid working
  • Enhanced parental leave
  • Pension scheme up to 11% employer contribution
  • Income Protection and Life insurance (4 x salary core level of cover)
  • Private medical insurance*
  • Health care cash plans - including optical, dental, and outpatient care
  • Health screening programme
  • Help@hand - confidential support including mental health counselling and remote GP
  • Wellhub - unlimited access to fitness providers and wellness coach sessions
  • Variety of travel to work schemes with bike storage and shower facilities
  • Inhouse barista and deli serving subsidised coffee and sandwiches
  • Two paid volunteering days per year

* dependent on role level

** only available to select during our annual benefits window, in November each year

Hargreaves Lansdown is an inclusive employer that values diversity in its workforce. We encourage applications from all individuals without regard to race, religion, gender, sexual orientation, national origin, disability or age.

This role may also be available on a flexible working or part time basis – please ask the Recruitment & Onboarding team for more information.

Please note, we are unable to provide employment sponsorship to candidates.


Tags: Cloud DNS Firewalls IDS Incident response IPS Linux MacOS Network security Scripting Security analysis SIEM TCP/IP TTPs VPN Vulnerabilities Windows

Perks/benefits: Career development Flex hours Flex vacation Health care Insurance Medical leave Parental leave Salary bonus Unlimited paid time off

Region: Europe
Country: United Kingdom
