Cyber Defense Operations - Technical Specialist

Sorry, this job was removed at 12:10 a.m. (CST) on Tuesday, Sep 30, 2025
Office, Machaze, Manica, MOZ
Software • Financial Services
The Role
About the Opportunity

Job Type: Permanent

Application Deadline: 31 October 2025

Job Description

Title: Technical Specialist

Department: FIL – Cyber Defence Operations

Location: Dalian Office

Reports To: Senior Technical Consultant - CDO

Level: 4

We share a commitment to making things better for clients and each other. We continually explore new technology and different ways of working to put our clients first. So, bring your boldest ideas to our Cyber Defense Operations team and feel like you’re making progress.

About your team

The Technology function across FIL is responsible for all global aspects of Technology, Digital, Cybersecurity, and Innovation. Fidelity is a value-driven, customer-obsessed organization and in Technology we are fortunate to play a direct role in helping our clients with one of the most important aspects of their lives – their financial well-being.

Within the Technology function is our Global Cyber & Information Security (GCIS), which operates enterprise security services and controls. These are designed to mitigate Cyber and Information Security risks, ensuring that Fidelity's business operates securely. The Technical Cybersecurity teams monitor both the internal and external threat environment, responding to security alerts and events in close to real time, as well as providing security assurance and access management services across the enterprise technology and business environment. Our global innovative Cyber Defence Operations team sits within GCIS and provides proactive, cutting-edge solutions to protect clients’ digital assets and infrastructure against evolving cyber threats.

The Technical Specialist (L3) within our SOC team focuses on safeguarding and defending FIL from Cyber threats using the multitude of tools at your disposal. You will work with a high-performing global team, responding to security events and progressing them using internal processes.

About your role
The L3 SOC Analyst will play a pivotal role in supporting the Cyber Defense Operations team by responding in a timely manner to security alerts that need in-depth investigation and by supporting junior analysts with their analysis and escalations. You will also be responsible for working within our CIRT team to lead and assist with Cyber Incidents, or when CIRT is engaged by the Major Incidents team. Your wealth of knowledge and experience using solutions like SIEM, SOAR, IDS/IPS, E/XDR and Email security should enable you to excel in this role during investigations. Your experience in Incident Handling and Process development should help you deliver incident handling and stakeholder management tasks, develop new playbooks and processes for detection use-cases, and keep them updated to align with the changing cyber landscape. You will be at the forefront of developing new detection use-cases in the SIEM to mature the team’s capability to detect threats. The ideal candidate will be responsible for driving excellence and innovation across the team and will challenge the current setup and processes to enhance our Cyber Defences.

About you

Key Responsibilities

  • Lead and coordinate the investigation and response to escalated alerts and ensure in-depth technical analysis is conducted. 
  • Monitor security alerts and logs to identify and counteract potential security threats.
  • Coordinate and lead high-level security incidents in our CIRT team, ensuring effective communication with all stakeholders.
  • Utilize tools such as Microsoft Defender, Azure Sentinel, and ServiceNow to monitor, analyse, and manage security events.
  • Develop new detection use-cases to mature our monitoring and detection landscape, and regularly review production use-cases to curb false positive alerting.
  • Contribute to developing and maintaining incident response strategies and update processes and playbooks to align with evolving cybersecurity landscapes.
  • Mentor and oversee junior analysts, fostering a culture of continuous learning and professional development.
  • Conduct post-incident analysis and present detailed reports to executive management, recommending improvements to security policies and procedures.
  • Participate in rotational on-call support for our 24x7x365 operations.
  • Participate in the design and implementation of new security tools and technologies.
  • Generate comprehensive reports on incident findings and response actions for senior management.

Experience and Skills Required

  • A minimum of 5 years of experience in a SOC environment, preferably in Financial Services, with at least 2 years in an L2/L3 position. 
  • Proficient in security solutions like SIEM (Sentinel), intrusion detection/prevention systems, EDR/XDR (Defender), SOAR, and ticketing solutions like ServiceNow, etc.
  • Proven track record of managing security incidents and working with technical and non-technical stakeholders, with timely delivery of updates and tasks assigned by Incident Manager.
  • Experience in network flow and traffic analysis to identify C2 and apply preventative controls to defend.
  • Ability to navigate complex investigations, leveraging solutions like Sandbox, CyberChef, etc. to identify the end payload and mitigate it.
  • Relevant professional certifications like SC-200, CEH, SCS-C02, GCIH, GCIA, etc. are beneficial.
  • Experience developing and fine-tuning detection use-cases using KQL, and an innovative mindset to challenge current processes.
  • Employ excellent communication skills, both written and verbal, to articulate security concepts, present findings, and engage with diverse stakeholders, including technical and non-technical audiences.
  • Demonstrate adaptability to evolving security landscapes, staying updated on industry trends, and proactively integrating new technologies and methodologies into security tooling strategies.
  • Programming experience (PowerShell, Bash, Python, JavaScript) to analyse and investigate potentially malicious scripts on both Windows and Linux systems.
  • Previous experience of Threat Hunting will be beneficial.
  • Experience in Cloud environments would be desirable.
  • Understanding of modern security attack techniques and how best to detect them.

Feel rewarded

For starters, we’ll offer you a comprehensive benefits package. We’ll value your wellbeing and support your development. And we’ll be as flexible as we can about where and when you work – finding a balance that works for all of us. It’s all part of our commitment to making you feel motivated by the work you do and happy to be part of our team. For more about our work, our approach to dynamic working and how you could build your future here, visit careers.fidelityinternational.com.



The Company
HQ: London
9,919 Employees
Year Founded: 1969

What We Do

Fidelity International offers investment solutions and services and retirement expertise to more than 2.5 million customers globally. As a privately held, purpose-driven company with a 50-year heritage, we think generationally and invest for the long term. Operating in more than 25 countries and with $739.9 billion* in total assets, our clients range from central banks, sovereign wealth funds, large corporates, financial institutions, insurers and wealth managers, to private individuals. Our Workplace & Personal Financial Health business provides individuals, advisers and employers with access to world-class investment choices, third-party solutions, administration services and pension guidance. Together with our Investment Solutions & Services business, we invest $567 billion on behalf of our clients. By combining our asset management expertise with our solutions for workplace and personal investing, we work together to build better financial futures. *Data as of 31 March 2021
