.The Company WTW is an award-winning advisory, broking and solutions company that helps clients around the world turn risk into a path for growth. From the Titanic ship in 1912 to The Moon Buggy in 1971, WTW has a richness in insurance history dating back to 1828. Our WTW Regional Delivery Hub based in the heart of Lisbon encompasses a +175 strong global team who deliver operational excellence through innovation and streamlined solutions every single day. The Role Technical: Oversee the monitoring, investigation, containment, and eradication of cyber security threats against our business. Lead the GSOC team in seeking out potential security issues through log analysis and use of tools such as SIEM, UEBA, EDR, etc. Responsible for determining the response that should be put into action to mitigate damage and prevent the spread of security threats. Escalate high priority or high severity alerts/incidents to the escalations team and ensure they are monitored and handled according to prescribed processes. Ensure that there is a timely response to any cyber incidents to minimize the impact on the business, including interacting with different technical teams and business areas where needed. Represent GSOC in incident stand-up calls to assist the GSOC Manager. Use the latest threat intelligence to adapt your approach to detect the latest threats. Ensure the team is working efficiently by identifying tuning opportunities, creating automation playbooks, and optimal use of technology. Review and provide technical advice on tuning recommendations submitted by Level 1s and Level 2s to improve the business's security posture against attackers and threats through fine-tuning and rule creation. Act as an escalation point to provide process and/or technical advice for Level 1 and Level 2 analysts. Perform quality audits for tickets handled by Level 2s to ensure incidents were managed according to prescribed processes. Attend handover calls to support Level 1s and Level 2s, providing advice (process/technical) on alerts/incidents for consultation. May also be asked to lead teams/sub-teams within the GSOC as needed. Provide on-call support (in rotation with other L3 Analysts) for high priority or high severity alerts/incidents. Non-Technical: Ensure there is a balanced capacity and workforce to maintain delivery of a 24 x 7 SOC service. Create and produce required regular reports for the leadership team and meaningful reports to articulate security posture, trends, and patterns. Assist L3 Manager in generating raw data for KPIs, submitting calculations, recording results, and recommending measures to maintain quality performance. Line management responsibilities for Level 1s and Level 2s, including mentoring, coaching, and corrective actions. Help Level 2 analysts deliver training to mature skills of new joiners or colleagues. Conduct regular reviews of knowledge bases, processes, and runbooks to ensure they are up to date
