Threat Intelligence Data Engineer, Cyber Security Operations (CSOC)

Title: Threat Intelligence Data Engineer, Cyber Security Operations (CSOC)

Location: UK remote

About GTT

GTT is a leading global provider of secure cloud networking solutions for multinational organizations. We design and deliver solutions that leverage advanced cloud, networking and security technologies. We complement our solutions with a suite of professional services and exceptional sales and support teams in local markets around the world. We serve thousands of national and multinational companies with a portfolio that includes SD-WAN, security, Internet, voice and other connectivity options. Our services are uniquely enabled by our top-ranked, global, Tier 1 IP backbone, which spans more than 260 cities on six continents. The company culture is built on a customer-first service experience reinforced by our commitment to operational excellence and continuous improvement in our business, environmental, social and governance practices. For more information, visit gtt.net.

Team Description

We are expanding our highly successful CSOC team. Working out of GTT’s Security Operations Centre, the CSOC team focuses on providing proactive monitoring, SIEMaaS, Wan Compliance and MDR services with a particular focus on improving the services we offer to customers and expanding the portfolio of customer security services.

The CSOC team provides a highly rewarding and challenging experience for Security Specialists, providing operational and technical support across multiple customer platforms.

The team work closely with our Global client base to deliver a wide range of Security Services. The team culture and team ethic is very much ‘start-up’, move fast, change what needs changing fast, encourage ideas and use the good ones to move and improve.

Role Description

A challenging and fulfilling modern technology role expanding upon the current CSOC capabilities by utilising traffic flow data on GTT global network to generate inhouse threat intelligence.

The threat intelligence data engineer, Cyber Security Operations designs, builds and operates a technology platform that assesses anomalous traffic flows acros the GTT network to facilitate the generation of accurate and actionable threat intelligence

Responsible for:

-              Interacting with core network engineering teams

-              Management of Arista switches used for analysis

-              Operation of data analytics platform

-               Identification of opportunities to utilise AI in the generation of threat intelligence

-               enrichment of raw traffic flow data

Main Duties

• Management of threat intelligence platform.

• Collaborate with internal teams such as Product Management, Development, and Corporate Security to identify and deliver functionality to continually improve our products using industry best practices and trending customer requirements.

• Act as the escalation point for all matters relating to inhouse threat intelligence generation.

• Build relationships and become a trusted advisor to other department that make use of threat intelligence

• Assess and drive metrics for the threat intelligence platform 

• Develop tools, processes and communication strategies to ensure a timely and responsive approach to both customer reported and internally identified issues.

• Manage 3rd party vendors including service review and licensing requirements.

• Develop employee training requirements to ensure staff are highly proficient with the use of GTT’s threat intelligence data

Technical Experience

Essential:

• Certified in Arista switches

• Expert level knowledge at data analytics

Benficial:

Cisco /  juniper

AI / generative AI

Working Hours

Standard. 7 hours per day with 1 hour lunch break between 9am and 5:00pm.

Occasional extended hours may be required during management escalation, critical incidents and platform upgrades.

Security

SC clearance required – (by end of probation period, can be extended)

Core Competencies

• Deep understanding of Arista switch configuration for the purpose of packet analysis

• Understanding of data analytics and anomaly identification

• Ability to generate a sense of urgency and rally appropriate resources both internally and with third parties.

• Strong problem solving, priority setting, facilitation, multi-tasking, analytical, and collaboration skills.

• Significant understanding of security incidents, including malware, network reconnaissance and emerging threats.

• Understanding of vulnerability assessment and remediation procedures including risk management.

• Understanding of SIEM functionality and topology. 

Universal Competencies

• Be a positive, self-motivated proactive individual who is equally comfortable engaging with customer senior management and all levels within the GTT organisation.

• Possess excellent listening, written and verbal communication skills.

• High level of initiative and integrity.

• Deliver the appropriate balance of business need, customer expectation and compliance requirements.

• Strong organizational, presentation, meeting, and communication skills.

• Have a can do attitude and demonstrate a passion for new technology and learning.

Duties and Responsibilities:

Design and development of GTT’s SDN/NFV platforms and products

Continuous improvement of the existing products and platforms

Work with product management to create/maintain/execute the SDN/NFV roadmap

Last resort operational support for SDN/NFV platforms

Coach junior architects and engineers