Pico fuels the global capital markets community by providing exceptional market data services and customized managed infrastructure solutions. As financial industry experts at the center of markets and technology, we help our clients efficiently scale their business and quickly access markets. From infrastructure to connectivity, we support our clients through the full trading lifecycle. We are a global company headquartered in New York, with offices in Chicago, London, Singapore, Hong Kong and Tokyo.
Purpose of the role:
We are seeking a highly motivated Information Security Analyst to join our security operations team in Dublin. The successful candidate will be responsible for the daily monitoring and analysis of security events across a variety of systems, including email, SIEM, antivirus, IDS, and other security tools. You will play a key role in detecting and mitigating potential threats in a global environment, as well as staying up to date with emerging security vulnerabilities and trends.
The Information Security Analyst is responsible for understanding and providing appropriate surveillance for the critical cyber threats to Pico’s Information Systems. The Information Security Analyst will participate in the development and implementation of security policies and procedures, leverage Network Monitoring, Logging and Security Incident Event Management (SIEM) systems to produce alerts, audit data and reporting to detect suspicious activity and will analyze the threat data to help the Information Security team to determine what response is appropriate. This role is best suited for candidates who enjoy and have experience with computer, server, and network peripheral information security as well as candidates who excel at thinking critically to find ways to resolve security challenges. The position is focused on implementing and improving technology and procedures related to vulnerability management, device hardening and cyber security incident response. Looking for a self-starter with strong technical skills in the field.
Responsibilities and duties (include but not limited to)
Monitoring, investigation and reporting of security incidents. Member and support of the Information Security Response Team
Coordinate and perform internal as well as external penetration tests, application as well as network vulnerability assessment scans, and security risk assessment reviews.
Ability to develop and analyze processes. Identify as well as detail information risk, governance and compliance concepts and principles. Monitor, evaluate, and advise on information security issues related to systems, data, network, and workflow to ensure security controls are appropriate and operating as intended.
Identify potential security threats and vulnerabilities by staying current with emerging threats, attack vectors, and exploitation methods.
Analyze identified threats or vulnerabilities and assess the associated risk based on the current threat landscape (analysis of CVE’s and threat related feeds and information)
Collaborate with the Incident Response team to address security incidents, performing triage, containment, and post-incident analysis
Assist in the creation of security reports and documentation, supporting audit activities and compliance requirements.
Work with a set of guidelines to help identify critical event data for additional analysis and escalation as appropriate
Assist in the implementation and ongoing support of security systems.
Work closely with IT and security teams to ensure proper integration and operation of security tools and technologies.
Always observes all organizational procedures from a security risk perspective. Reports security risk concerns to appropriate leadership as defined in the incident response plan.
Liaise with internal team members and external vendors in a professional manner while performing professional services, and/or security assessment activities.
Performs other duties as assigned.
Ability to multi-task and remain productive in a service-driven and results oriented environment.
Demonstrated strong organizational, analytical, and problem-solving skills.
Working knowledge of application & infrastructure security solutions (Firewalls, Intrusion Detection\Prevention Systems, Network Security, Password Management, Data Encryption, Vulnerability Scanners, SIEM Systems, and Access Control)
Working knowledge of information security concepts, standards, and best practices.
Assist with the design and implementation of disaster recovery and business continuity plans, procedures, audits, and enhancements
Draft corrective action plans and coordinate remediation tasks.
Assist in defining security requirements for information technology projects.
Investigate and document suspicious activity and reported security incidents.
Monitor security advisories, trends, alerts, and vulnerabilities, and communicate accordingly with team managers and data owners.
Education, Skills and background (incl. Education and Experience Requirements)
3+ years of experience in information security (network, application and systems) or related technology experience required, experience in the securities or financial services industry is preferred.
Strong knowledge of technology and security controls related to the detection, analysis, containment, eradication, and recovery from cyber security incidents.
Execute tasks or lead small projects as needed - Communicate and interact directly with other staff to ensure optimal individual and group performance
Knowledge of Windows and Linux systems, Active Directory Architecture, EDR, data governance, vulnerability management, SIEM systems, and Information Security compliance and standards.
Strong verbal and written communication skills with experience in documentation and familiarization of Standard Operating and other formal procedures
Server and Network Device Security Hardening (routers, switches, firewalls, virtual environments are a plus)
Knowledge of incident response processes and frameworks (e.g., NIST, MITRE ATT&CK).
Strong analytical and problem-solving skills.
Must be self-directed with the ability to work with minimal oversight.
Ability to work effectively in a global team environment and manage multiple tasks under pressure.
Security certifications such as CompTIA Security+, CISSP, or equivalent are preferred.
Technical writing experience with management level reports
Familiarity with threat intelligence platforms, vulnerability management, and risk assessment methodologies.
Familiarity with scripting languages (e.g., Python, PowerShell) for automating security tasks is a plus.
Working Arrangements
This is a Hybrid position with weekly time in the office with the flexibility of working from home. Though travel may be from time to time, it is not expected to be regular or frequent. The role holder will be expected to work whatever hours are necessary for the performance of this role (recognizing that it involves multiple jurisdictions/geographies including but not limited to EMEA, USA and APAC).
IMPORTANT DATA PRIVACY INFORMATION:
This position is available with PICO GLOBAL LTD. The controller of your personal data will be PICO GLOBAL LTD.
For further information on what personal data we collect, how we will process your personal data and your rights with respect to your personal data please read our Pico Job Candidate Privacy Notice, View Here.
Be a part of Pico Family
Pico is an equal opportunity employer. Pico does not discriminate on the basis of a candidate's age, race, gender, color, religion, sexual orientation, physical or mental disability, or other non-merit factors. All employment decisions at Pico are based on business needs, job requirements and qualifications. If you require any assistance or accommodations to be made for the recruitment process, please inform us when you submit your online application.