Global Security Ops Centre - Level 3 Analyst

Company: WTW

Job function: Sciences

Job Details

The Company
WTW is an award-winning advisory, broking and solutions company that helps clients around the world turn risk into a path for growth.
From the Titanic in 1912 to the Moon Buggy in 1971, WTW has a rich insurance history dating back to 1828.
Our WTW Regional Delivery Hub, based in the heart of Lisbon, encompasses a 175+ strong global team who deliver operational excellence through innovation and streamlined solutions every single day.
The Role
Technical:

Oversee the monitoring, investigation, containment, and eradication of cyber security threats against our business.
Lead the GSOC team in seeking out potential security issues through log analysis and use of tools such as SIEM, UEBA, EDR, etc.
Responsible for determining the response that should be put into action to mitigate damage and prevent the spread of security threats.
Escalate high priority or high severity alerts/incidents to the escalations team and ensure they are monitored and handled according to prescribed processes.
Ensure that there is a timely response to any cyber incidents to minimize the impact on the business, including interacting with different technical teams and business areas where needed.
Represent GSOC in incident stand-up calls to assist the GSOC Manager.
Use the latest threat intelligence to adapt your approach to detect the latest threats.
Ensure the team is working efficiently by identifying tuning opportunities, creating automation playbooks, and optimal use of technology.
Review and provide technical advice on tuning recommendations submitted by Level 1s and Level 2s to improve the business's security posture against attackers and threats through fine-tuning and rule creation.
Act as an escalation point to provide process and/or technical advice for Level 1 and Level 2 analysts.
Perform quality audits for tickets handled by Level 2s to ensure incidents were managed according to prescribed processes.
Attend handover calls to support Level 1s and Level 2s, providing advice (process/technical) on alerts/incidents for consultation.
May also be asked to lead teams/sub-teams within the GSOC as needed.
Provide on-call support (in rotation with other L3 Analysts) for high priority or high severity alerts/incidents.

Non-Technical:

Ensure there is a balanced capacity and workforce to maintain delivery of a 24 x 7 SOC service.
Create and produce required regular reports for the leadership team and meaningful reports to articulate security posture, trends, and patterns.
Assist L3 Manager in generating raw data for KPIs, submitting calculations, recording results, and recommending measures to maintain quality performance.
Line management responsibilities for Level 1s and Level 2s, including mentoring, coaching, and corrective actions.
Help Level 2 analysts deliver training to mature skills of new joiners or colleagues.
Conduct regular reviews of knowledge bases, processes, and runbooks to ensure they are up to date.
Regularly contribute to the SOC playbooks and knowledge base with findings from investigations on different attacker tools, tactics, and procedures applicable to future investigations.

The Requirements
What you will need:

Experience working as part of a 24/7 SOC across different locations; must be a team player with the ability and desire to engage with different internal stakeholders and colleagues.
6+ years of experience working in a mature cyber defense center or security operations center.
Great troubleshooting skills, research ability, and effective communication during stressful times, maintaining a calm and friendly approach.
Solid time management skills and dependability.
Hands-on experience using SIEM, UEBA, and EDR as a Level 3 security analyst.
Experience leading investigations and comfortable communicating with stakeholders on technical and non-technical levels.
Excellent verbal and written communication skills, with the ability to write structured reports.
MSc in a security field or equivalent experience in a security-related function.
Inquisitive nature with a strong sense of personal responsibility for learning and self-development.
Ability to identify common attack techniques within specific technologies.
Working knowledge of networking protocols/technologies (e.g., TCP, IP, HTTP/HTTPS).
Working knowledge of Unix, Linux, and Windows operating systems.
Exposure to attack and penetration methods and tools.
Ability to build scripts, tools, or methodologies to enhance incident investigations and processes (e.g., Python, PowerShell, Wireshark).
Experience with advanced investigation techniques, demonstrating 1 or 2 of the following:

Network forensic acquisition and analysis (using tools such as Deep Packet Analysis, Wireshark, NetWitness)
End-point forensic acquisition and analysis (using tools such as EnCase, X-Ways, Axiom, IEF, FTK)
Memory Analysis
Analysis of various security logs (endpoint, security appliances, SIEM)
Reverse Malware Engineering
Beneficial:

Any relevant security certifications (CISSP, CISM, SSCP, OSCP, Security+, CySA+, CASP+, GREM, GCIA, etc.).
Any relevant network certifications (Network+, CCNA, etc.).
Knowledge of other key IT fields (such as Web Applications, databases, Active Directory, network security systems such as web proxies, firewalls & data loss protection).

What's in it for you?
In WTW, you'll find a professional yet friendly environment in an office based in a fast-growing European capital. Join a team of dynamic and motivating colleagues!
In addition to our attractive remuneration package, we offer:

Work-life balance: Mobile working or in the office? Flexible working hours? Sure, no problem. Hybrid working is more than just a buzzword for us.
Monetary benefit: An attractive, performance-related remuneration system.
Internationality: An international management consultancy and the security of a global corporation with renowned customers.
Development opportunities: A steep learning curve and sufficient freedom for individual career development; you will dive deep into a variety of topics, both on the job and in intensive specialist training.
Cooperation: Learning from each other and making decisions together, collegial, appreciative, and dynamic.
Customer contact: Quickly take responsibility.
Corporate events: Together we celebrate our successes and our community.

Willis Towers Watson is an equal opportunity employer.



Source: Whatjobs_Ppc

