IT Security Specialist at Discovery Limited

The mission of the IT Security Specialist is to monitor the threat landscape and to select/implement security countermeasures to secure information assets within the Banking environment. The IT Security Specialist will install, configure, and manage IT security technologies and processes to provide preventive, detective, and response capabilities to the organisation. The technologies and processes include (but are not limited to) Firewalls, Intrusion Sensors, Denial of Service mitigation, Network activity monitors, Security Information and Event Management systems, Advanced threat detection solutions, Threat analysis, and Incident response processes. A key requirement for this function is the continuous optimisation of configurations for new and existing security technologies, particularly in instances where such technologies are managed by Group Technology Infrastructure services.

Areas of Responsibility

The IT Security Specialist Must

Process Operational Support

• Monitor reputable information sources (e.g. threat reports, security blogs) to keep abreast of the threat landscape and risks relevant to the bank.
• Monitor security technology roadmaps and recommend feature enhancements or new solutions to address business risks/requirements.
• Analyse and design appropriate security solutions to enable business requirements. For instance, recommend solutions to enable secure 3rd Party connectivity to the bank network.
• Troubleshoot security technology failures/problems as required
• Provide technical expertise and oversight of security technology deployment and configuration. For instance, participating in network segmentation planning, firewall policy reviews, or intrusion sensor policy fine-tuning.
• Perform monitoring and analysis of network activity to identify suspicious or undesirable behaviour, using intrusion sensor technology or packet inspection technology.
• Identify and enable application, system, and security logs across the enterprise to support incident investigations.
• Identify and integrate critical logs (application, security, system) into the Security Information and Event Management (SIEM) solution.
• Create correlations and other logic to identify attackers and defend the bank against advanced attacks.
• Work closely with the Cyber Threat Intelligence team to hunt for threat actor groups, their techniques, tools and processes.
• Provide expert analytic investigative support of large scale and complex security incidents.
• Perform Root Cause Analysis of security incidents for further enhancement of SIEM rules.
• Undertake incident analysis, tracking, recording, and response, with the ability to operate as an incident manager when required.
• Analyse network activity logs to identify anomalies and respond accordingly. Activate the Computer Emergency Response Team for all high or critical anomalies that are identified.
• Research attack/fraud tactics, techniques, and procedures and design detection patterns (correlation rules) within the SIEM. Knowledge of correlation between Business and technology rules is required to provide detection of common and advanced information security threats.
• Provide management information on a monthly basis to illustrate the bank’s security posture.
• Interface with IT stakeholders (e.g. Technology Infrastructure) and ensure that the hosting environment meets service requirements.
• Participate in major Technology Infrastructure (TI) initiatives, such as network isolation.
• Develop Standard Operating Procedures for the support environment.
• Form part of a 24/7 operational support structure for network services and Business systems.
• Adhere to Discovery Purple policies to ensure a secure operating environment.

Programme and Project Support

• Provide support to the Programme Office in the build and implementation of new IT services and major changes to existing services.
• Ensure that appropriate security countermeasures are implemented as recommended to ensure projects are delivered as per schedule.

Compliance, Governance, Risk and Control Processes

• Liaise with Change and Release Management in the planning of changes and releases of services in scope.
• Participate in Business Continuity plans for services in scope.
• Participate in Disaster Recovery Planning activities to ensure access to Business services in the event of a major outage, and partake in regular DR tests.