SOC Analyst (CIRT)

  • Full Time
  • London
  • Location: London
  • Salary: Unspecified


Visa Europe is a wholly owned subsidiary of Visa Inc. (NYSE:V). Visa Inc. is a global payments technology company that connects consumers, businesses, financial institutions and governments in more than 200 countries and territories to fast, secure and reliable electronic payments. We operate one of the world's most advanced processing networks — VisaNet — that is capable of handling more than 65,000 transaction messages a second, with fraud protection for consumers and assured payment for merchants. Visa is not a bank and does not issue cards, extend credit or set rates and fees for consumers. Visa's innovations, however, enable its financial institution customers to offer consumers more choices: pay now with debit, pay ahead of time with prepaid or pay later with credit products.

Job Function

Information security is an integral part of Visa’s corporate culture. It is essential to maintaining our position as an industry leader in electronic payments, which is why Visa has made it a priority to create top-tier security operations and incident response teams to defend the company against evolving cyber threats. If you would like to join a company where security is truly valued, where you can work with like-minded peers who are passionate about the art & science of cyber defence, and where you can use state of the art tools for maximum impact, then we have a home for you.

The successful candidate will join a team of information security analysts in a global security operations centre. These analysts are the primary cyber defenders on the frontline protecting Visa networks and systems. The team is part of a larger cybersecurity organization, spread across multiple geographic sites, that is responsible for the comprehensive cyber defence of Visa and its subsidiaries.

Key work outputs and accountabilities

  • Identify cybersecurity threats and perform analysis of reported anomalies on Visa networks and systems
  • Mitigate and contain identified threats, when detected, using approved methodologies
  • Initiate escalation procedures and incident response processes as defined in operational plans
  • Monitor information security alerts through the use of a Security Information and Event Manager (SIEM) to triage, mitigate, and escalate issues as needed while capturing essential details and artefacts
  • Utilize sensor data and correlated logs containing IDS/IPS, AV, Windows events, web proxy, and similar data to establish context and to rule out false positives
  • Operationalize actionable intelligence reports from the Threat Intelligence team and external sources
  • Coordinate the initial workflow and response for varying case types with internal and external teams
  • Collaborate with operational support staff to ensure they are actively engaged in potential security threats and concerns
  • This position is staffed in shifts supporting a 24x7x365 global security operations centre. Analysts work a 12-hour shift pattern, including holidays and weekends. There are opportunities for overtime while working extra shifts to ensure operational coverage when needed
  • Provide feedback to peer teams to enhance the sensor set and improve signature fidelity
  • Contribute to projects that enhance the security posture of the enterprise. Opportunities may include big data analytics, automated malware analysis tools, whitelisting/blacklisting, NAC, deep packet inspection, live forensics, and others
  • Identify trends, potential new technologies, and emerging threats which may impact the business
  • Provide technical advice and input for the support of integrated security systems and solutions

Essential Criteria

  • Previous security operations centre experience is desired, but candidates with Forensics or Penetration Testing background will also be considered
  • Strong analytical skills and an ability to quickly learn and adapt to new technologies
  • Strong problem-solving skills coupled with the tenacity and resilience to resolve issues
  • Experience operating and administrating Security Information and Event Management (SIEM) platforms
  • Functional knowledge of and administrative experience on Windows and Unix/Linux platforms
  • A solid foundational understanding of TCP/IP and networks to include packet analysis, firewalls, routers, and ACLs
  • Strong working knowledge of malware in its varying forms, common delivery mechanisms, and common mitigation steps
  • Ability to convey security concepts related to cybersecurity events to both technical and non-technical audiences
  • Experience with IDS/IPS, Endpoint protection, Network Security, WAF, Sandboxing and analysis technologies is desired.
  • Ability to communicate and collaborate effectively with other team members in a geographic and culturally diverse workforce