Advanced Cyber Threat Analyst

At M&G our purpose is to give everyone real confidence to put their money to work. As an international savings and investments business with roots stretching back more than 170 years, we offer a range of financial products and services through Asset Management, Life and Wealth. All three operating segments work together to deliver attractive financial outcomes for our clients, and superior shareholder returns.

Through our behaviours of telling it like it is, owning it now, and moving it forward together with care and integrity; we are creating an exceptional place to work for exceptional talent.

We will consider flexible working arrangements for any of our roles and also offer work place accommodations to ensure you have what you need to effectively deliver in your role.

The Advanced Cyber Threat Analyst role is positioned with the M&G Security Operations team that consists of the following functions:

• Security Operations Centre (Monitoring)
• Threat Intelligence and Vulnerability Management
• Security Engineering
• Cyber Response (Security Incident Management and Cyber Resilience)
• Application Security
• High Tech Investigations

The role reports in directly to the SOC Manager and the successful applicant will work alongside an internal team as well as a Managed Security Service consisting of 24/7 L1 and L2 SOC analysts.

Key Responsibilities:

• Use-case tuning and development – helping to ensure the analytical rules continue to be fit for purpose and reflective of real-world attack scenarios including assisting MSSP in driving team automation
• Development of Sentinel playbooks to support automation
• Incident Response – Blocking of IOCs, stakeholder alerting, act as a part of team co-ordinated activity
• Threat Hunting based on adversary campaigns and TTPs
• Collaboration with internal teams within the Security Operations function and wider M&G to ensure effective service.
• Collaboration with external teams within the Security Operations function (such as the managed service provider) where necessary to investigate cyber security alerts and incidents.
• Act as a business point of escalation for MSSP L1s and L2s where further assistance is required from the 24/7 monitoring team.
• Pro-actively suggesting service improvements with the aim of improving the organisation’s security posture.
• Be able to articulate complex problems, risks and solutions to key stakeholders internally and externally.
• Adherence to existing processes/procedures and aid in new process development where a new business requirement comes into existence.
• Supporting of key regular internal/external audit activities where applicable – typically through tracking of SOC activities, adherence to process/procedures and ad-hoc participation in technical sessions to support the SOC Manager where required.

Target Skills, Experience and Technologies:

• Previous experience in Security Operations environment
• Exposure to Cyber Incident Response.
• Experience in Endpoint Detection and Response tooling (ideally Defender for Endpoint)
• Experience in Microsoft Sentinel (querying of logs, knowledge of analytical rules)
• Experience with IDPS systems (NGFW, Firepower/Sourcefire etc)
• Experience in other Microsoft Azure environment – including use of Azure Activity Directory, Identity Protection, Defender for Cloud etc.
• Use-case management (fine tuning of false positives etc)
• Experience in developing Sentinel playbooks and automation
• Ideally having worked in the financial services sector (or another highly regulated area)

Desirable Certifications

Desirable certifications for the role at this level may include:

• Non-vendor specific such as CompTIA Security+, CySa+, GCIH etc
• Microsoft specific such as SC200, AZ500

Recruiter - Martyn Jack

We have a diverse workforce and an inclusive culture at M&G plc, underpinned by our policies and our employee-led networks who provide networking opportunities, advice and support for the diverse communities our colleagues represent. Regardless of gender, ethnicity, age, sexual orientation, nationality, disability or long term condition, we are looking to attract, promote and retain exceptional people. We also welcome those who take part in military service and those returning from career breaks.