Security Operations Analyst

📍London OR UK remote | 💰Up to £45,000 + Benefits | Hear from the team ✨ 

We are looking for a proactive, technically-minded and organised Security Operations Analyst to join us in the bank’s 1st line of defence, which has the ownership, responsibility and accountability for directly assessing, controlling and managing risk.

This role is part of Monzo’s Security Collective which has a wide range of responsibilities, from infrastructure security to application and information security.

⭐Our Security Operations team (SecOps) 

For this role you'll be joining the Security Operations Squad at Monzo. We are a squad dedicated to detection and investigation of potential cybersecurity threats to Monzo and its customers, providing effective incident response where necessary.

You will also be joining the wider Security Collective, a group of people passionate about making Monzo a safer place to work and bank with, to make money work for everyone.

As a bank, we are solving diverse, novel problems to ensure that our customers and data are secure, you will have the opportunity to make a direct impact on that.

One of the guiding principles of security at Monzo is that security at the expense of user experience is a last resort. We aim to move mountains in the background such that we can build world-class features without compromising on security.

🔑 What you’ll be working on (key responsibilities)

The goal of the Security Operations squad is to minimise and control the damage resulting from cybersecurity incidents, provide practical guidance for the response, coordinate recovery activities, and work to prevent future incidents from reoccurring.

Additionally, you will be helping with the monitoring of information security controls within Monzo by analysing alerts received in line with our information security policies and practices and dealing with any/all security incidents.

Analytics

• Using raw log sources and other security and operational tools to monitor and analyse the security posture of the IT estate and identify anomalous activity and behaviours.
• Investigating, defining and resolving complex issues.
• Reviewing, updating and creating detection rules
• Producing and developing dashboards and reports to continuously improve security situational awareness.
• Producing incident reports to present activity and outcome of operational security services and activity.

Incident management

• Supporting the investigation of security breaches and coordinating and managing all Incident Responses.
• Ensuring that all security incidents have been correctly prioritised and diagnosed in accordance with agreed procedures.
• Investigating the causes of incidents, document findings and seek resolution.
• Making sure the escalation of any unresolved incidents has been completed according to agreed procedures.
• Overseeing the facilitation of recovery, following the resolution of incidents.
• Making sure security incidents have been documented and closed according to agreed procedures.

Information security

• Acting on security incidents, requests and events to ensure that threats, vulnerabilities and breaches are managed to minimise impact to confidentiality, integrity and availability of systems and data.
• Creating security risk, vulnerability assessments, and business impact analysis as required.
• Reviewing, updating and creating CSIRT policies, playbooks and standard operating procedures documentation.
• Providing advice and guidance to other teams within the business on good practice and maintaining relevant and current industry knowledge.

Security administration

• Oversee the operation or support the operation of tools that contribute to effective security including anti-virus and vulnerability management.
• Making sure that the onboarding of any enhancements to the security tools, including deployment and on-going management and maintenance is completed.
• Undertaking periodic reviews of security policies and baseline control standards, influencing additional and updated controls based on the findings of internal and external audit reports, trends derived from security operations, information from project-based activities and incident resolutions.

🤩We’d love to hear from you if…

• You have solid, hands-on experience in a SOC environment
• You have knowledge of SIEM and SOAR solutions, Identity and Access Management and Data Loss Prevention tools and technologies
• You have working knowledge of the Cyber Kill Chain and/or Incident Response Phases and adversarial tactics, techniques, procedures (TTPs) and industry standard frameworks (Mitre ATT&CK).
• You have experience with the approaches threat actors take when attacking a network, including phishing, port scanning, web application attacks, DDoS, lateral movement.
• You have experience with Security Monitoring tools.
• You can take a pragmatic view of the application of technologies; understanding the business application of them and being able to identify a balance between the management of risk and the capability for the business to continue to operate.
• You have in-depth experience of at least one of the following technology areas; End-User Computing/Hosting/Networks/Cloud/Development.
• You have knowledge of commonly-accepted information security principles and practices, as well as techniques attackers use to identify vulnerabilities, gain unauthorised access, escalate privileges and access restricted information.
• You communicate well and can present complex information to both technical and non-technical audiences.
• You’re excited by what we’re doing at Monzo

🙌 What’s in it for you

💰Up to £45,000 ➕benefits & share options.

📍This role can be based in our London office, but we're open to distributed working within the UK (with ad hoc meetings in London)

⏰ We offer flexible working hours and trust you to work enough hours to do your job well, and at times that suit you and your team. 

📚 £1,000 learning budget each year to use on books, training courses and conferences.

🏡 We will set you up to work from home; all employees are given Macbooks and for fully remote workers we will provide extra support for your work-from-home setup. 

➕ Plus lots more! Read our full list of benefits.

🌈 The application journey has 3 key steps

• Short call with a Monzo Recruiter
• Initial video-call with the Hiring Manager (30 mins)
• Interview Loop (2 x video-interviews)

This process should take around 2-3 weeks - your schedule is really important to us, so we promise to be as flexible as possible! 

You’ll hear from us throughout the application process, but if you’ve got any questions, please reach out to [email removed - click apply for more details]  You can also use this email address to let us know if there’s anything we can do to make the process easier for you because of disability, neurodiversity or anything else.

⏳The closing date for applications is 6pm on 24th July

#LI-REMOTE
#CM-1