Senior Associate Platform Operations Engineer, Cyber Risk

IT
March 24, 2024

Job Description


Job title: Senior Associate Platform Operations Engineer, Cyber Risk

Company: Kroll

Job description:

In a world of disruption and increasingly complex business challenges, our professionals bring truth into focus with the Kroll Lens. Our sharp analytical skills, paired with the latest technology, allow us to give our clients clarity, not just answers, in all areas of business. We embrace diverse backgrounds and global perspectives, and we cultivate diversity by respecting, including, and valuing one another. As part of One team, One Kroll, you'll contribute to a supportive and collaborative work environment that empowers you to excel.

Kroll's Cyber Risk team works on over 2,000 cases a year, including some of the most complex and highest profile matters in the world. With experts based around the world, supported by ground-breaking technology, we help protect our clients' data, people, operations and reputation with innovative assessments, investigations and intelligence. We are the only company in the world with the expertise and resources to deliver global, end-to-end cyber risk management, supporting organizations through every step of their journey toward cyber resilience.

Clients count on us for quick and expert support in the event of, and in preparation against, a cyber incident. From incident response to risk assessments, and from complex forensics to breach notification and ID theft remediation, we help clients of all sizes respond with confidence.

At Kroll, your work will help deliver clarity to our clients' most complex governance, risk, and transparency challenges. Apply now to join One team, One Kroll.

The security platform engineering role is best suited to an individual who has 4-6 years' experience in IT (systems / infrastructure engineering) and at least 2 years' experience in cyber security, preferably with an MSSP. They should have a solid understanding of how SIEM platforms work, down to architecture-level detail, ideally for Splunk. They should be adept at owning problems and seeing them through to resolution.

Required:

  • Expert level troubleshooting and diagnosis skills
  • Significant experience with Splunk Enterprise & Enterprise Security with relevant Splunk certification
  • In depth understanding of at least 1 SIEM platform, how it works and its architecture (preferably Splunk)
  • Significant experience in managing a SIEM's backend components as well as general administration of a SIEM platform (preferably Splunk)
  • Working knowledge of MS Azure, preferably including Sentinel
  • Solid understanding of TCP/IP networks and diagnosing network issues
  • Intermediate understanding of next gen firewalls, how they work and diagnosing traffic issues
  • Intermediate understanding of configuration for PKI and certificates generally
  • Intermediate understanding of cyber components / toolsets (SIEM, EDR, MDR, next gen FW, etc.)
  • Intermediate Linux command line knowledge & experience
  • Experience in dealing with customers directly to resolve issues
  • A strong sense of ownership of problems, seeing them through to remediation
  • Fast learner, able to pick up and work on numerous new platforms without prior experience
  • Strong documentation and runbook creation skills
  • Strong written and verbal English communication
  • Working understanding of ITIL / ISO27001

Desirable:

  • Any experience with Defender for Endpoint, Carbon Black, Sentinel One, DarkTrace
  • Experience in cloud platforms (Azure, AWS, GCP etc)
  • MS Certs AZ500 or SC100
  • LogRhythm certification (320, 330)
  • Any security vendor certification, networking etc
  • Experience in scripting (preferably Python, PowerShell & Bash)

Responsibilities

  • Be a strong part of the escalation path for technical issues, owning remediation where possible
  • Support more junior members of the team with the platform and toolset understanding
  • Handle more technically challenging tickets / requirements as they arise
  • Administration, diagnosis and troubleshooting of log sources / endpoints
  • Perform platform health monitoring and definition
  • Support onboarding team where possible with technical escalations
  • Troubleshoot issues with customers directly
  • Document various aspects of the platform, creating runbooks for more junior engineers to follow to free up more senior engineers
  • Gain knowledge in areas the team needs to expand on and share this with the team in the form of training and/or documentation

In order to be considered for a position at Kroll, you must formally apply via careers.kroll.com.

Kroll is committed to equal opportunity and diversity, and recruits people based on merit.

Expected salary:

Location: United Kingdom
