Trafigura

IT Security Engineer

On site

Calgary, Canada

Mid level

Full Time

12-01-2026


Skills

Leadership, Python, Perl, PowerShell, Network Security, Incident Response, Malware Analysis, Cloud Security, Forensics, Splunk, Monitoring, Configuration Management, Architecture, Security Architecture, Linux, Windows, Machine Learning, Programming, Azure, AWS, cloud platforms, Analytics, Active Directory

Job Specifications

Main Purpose:
As part of Trafigura's IT Security team, you'll be at the forefront of protecting one of the world's leading commodity trading companies.

In this role you will serve as a senior technical expert within the IT Security Operations Centre, leading complex security incident investigations and advanced threat hunting activities.
You will contribute to the continual improvement of security monitoring capabilities by crafting customized detections, streamlining processes, and performing forensic analysis.
You will act as the central point of contact for SOC analysts, coordinating cross-functional response efforts during critical security events.

You will be responsible for improving the organisation's overall security posture by proactively identifying threats, conducting root cause analysis, and developing advanced security tools and procedures.

The role reports to Head of Security Engineering who is based in London.
Knowledge Skills and Abilities, Key Responsibilities:

Core Competencies

Security Monitoring & Detection

Extensive knowledge of network security architecture, endpoint protection, and cloud security principles

Security Information and Event Management (SIEM): Proficiency with Splunk Enterprise Security or similar platforms for advanced correlation, threat hunting, and analytics

Endpoint Detection & Response (EDR): Expert-level experience with Microsoft Defender for Endpoint (or equivalent), including configuration management, alert triage, and response automation

Threat Intelligence Integration: Ability to integrate threat feeds into detection systems and develop specialized detection guidelines in response to emerging threats

Advanced Analytics: Experience with behavioural analytics, anomaly detection, and machine learning-based security monitoring techniques

Incident Response & Forensics

Handling Security Incidents: Proficiency in managing complex security incidents from detection to resolution

Digital Forensics: Expertise in memory forensics and network forensics to establish incident timeline and scope

Malware Analysis: Advanced skills in static and dynamic malware analysis, including disassembly, debugging, unpacking, and sandbox analysis

Proactively identifying vulnerabilities that have bypassed existing security controls through detailed investigation

Incident Coordination: Capable of directing cross-functional teams and communicating effectively with stakeholders during security incidents

Technical Expertise

Scripting & Automation: Strong programming skills in PowerShell, Python, and other relevant languages for security automation and custom tool development

Active Directory & Identity Management: Deep understanding of AD architecture, LDAP queries, and common attack vectors against identity infrastructure

Operating System Security: Comprehensive knowledge of Windows, Linux, and macOS security mechanisms and hardening techniques

Network Security: Expertise in network protocols, traffic analysis, and network-based detection techniques

Cloud Security: It would be advantageous (but not required) if the candidate had experience securing assets across major cloud platforms (AWS, Azure) and understanding cloud-specific security controls

Key Responsibilities

Security Operations

Lead complex security investigations requiring advanced forensic techniques and cross-platform analysis

Develop and maintain custom detection rules, playbooks, and response procedures

Perform regular threat hunting exercises to identify potential compromises

Analyze and validate security alerts escalated from Tier 1 analysts

Conduct root cause analysis for security incidents and develop mitigation strategies

Engineering & Development

Design and implement security monitoring improvements and automation workflows

Develop custom scripts and tools to enhance detection and response capabilities

Maintain and optimize security tooling, including SIEM content, EDR policies, and detection rules

Collaborate with security architecture teams to improve defensive posture

Contribute to continuous improvement of security monitoring and response processes

Leadership & Knowledge Transfer

Serve as technical escalation point for Tier 1 SOC analysts

Document findings, methodologies, and lessons learned from security incidents

Collaborate with threat intelligence teams to enhance detection capabilities

Qualifications

Required Experience

5+ years of experience in cybersecurity with at least 3 years in a SOC or incident response role

Demonstrated expertise with SIEM platforms, preferably Splunk Enterprise Security

Advanced knowledge of Microsoft Defender for Endpoint or similar EDR solutions

Experience with memory forensics tools (e.g., Volatility) and malware analysis techniques

Proficiency in at least one scripting language (PowerShell, Python, Perl)

Relevant Certifications (not required)

GIAC Certified Incident Handler (GCIH)

GIAC Reverse

About the Company

Trafigura is a leading commodities group, owned by its employees and founded over 30 years ago. At the heart of global supply, Trafigura connects vital resources to power and build the world. We deploy infrastructure, market expertise and our worldwide logistics network to move oil and petroleum products, metals and minerals, gas and power from where they are produced to where they are needed, forming strong relationships that make supply chains more efficient, secure and sustainable. We invest in renewable energy projects a...