Security Operations 24x7

Stuart Gregg
Published in ASOS Tech Blog
3 min read, Feb 11, 2020

Cyber Security Operations (SecOps) is going through an exciting period of transformation here at ASOS. SecOps is responsible for the complete monitoring, protection, and investigation of ASOS’s digital and technology solutions against the rapidly evolving, ever-changing global security threat.

We’re expanding our Cyber Security capability to ensure the continued protection of both ASOS’s customers and technology 24 x 7. We have exciting new opportunities in our 24 x 7 team available here and here, where you can help us shape operations and protect ASOS from threats around the world.

Within these roles, you can expect to be harnessing some of the latest security tech and to be truly immersed in an organisation that is a real leader in cloud security and innovation.

Sounds good, right? So, what are we looking for…?

We have two tiers of opportunities available for enthusiastic team players:

Tier 1

These opportunities are designed for recent graduates who have a keen interest in Cyber Security. We can also offer the ability to cross-train into Cyber Security if the following apply to you:

  • You have experience of performing fraud analysis in a previous role
  • A Criminology degree would be considered if you can demonstrate competency in Python/PowerShell or Kusto Query Language (KQL)

Tier 2

These are designed for candidates who have been in the Cyber Security field for a few years and have some real experience working in an operational role. We’re also looking for experience leading a shift and task managing/mentoring team members.

To give you a taster, you’ll be doing some of the following (the list is not exhaustive):

  • Performing investigations and threat hunting activities on suspicious alerts across our monitoring systems. You’ll also be working closely with departments across the organisation to ensure threats and vulnerabilities are remediated effectively.
  • Conducting vulnerability management across our line-of-business applications and cloud stack to understand potential exploitations and prioritise your recommendations for patching to the relevant teams.
  • Building out detection rules based on current and upcoming malware campaigns or based on intelligence from our partners.
  • Protecting hundreds of thousands of customers each month from potential attacks on the ASOS website.
  • Orchestrating ways to automate our way through the hundreds of millions* of security events we get daily, to spot some of the smallest events that could be indicators of compromise.
  • Developing ways to become more efficient in the role and then implementing these strategies across the team.

Another thing to note…

At ASOS we’ve developed deep relationships with multiple security partners. One example of this is with Microsoft. We’re at the forefront of testing and deploying some of the latest security technologies Microsoft has to offer, but don’t just take my word for it: read some examples on Microsoft’s website here and here.

Security Tech?

Some of the tech you’ll be exposed to, trained on and in some cases certified in includes:

  • Azure Security Centre (ASC) and all the associated protection stack such as SQL ATP, Key Vault and so on (literally the entire Azure security solution).
  • Latest AV and EDR capabilities from vendors such as Carbon Black and Microsoft’s Advanced Threat Protection (MATP).
  • Cloud Application Security Brokers (CASBs): we utilise one of Gartner’s Magic Quadrant leaders.
  • Internal vulnerability management, deep packet inspection on network appliances, enriched CDN data from Akamai, purpose-built sandboxes for investigations, Network Access Control (NAC) and so much more!

Working at ASOS

ASOS is a truly unique place to work. A place where your work will make a real difference to millions of customers, a place where you will be working with some of the leading experts in their field, a place that is energetic, colourful and always changing. One minute you could be fighting some of the world’s most complex security threats, the next being exposed to some of the amazing products ASOS designs and sells. Just last week our Design Director took us through next season’s trends and the latest fashion insights.

So, if the above sounds interesting to you and you’d like to help keep ASOS protected, feel free to apply via the above links, and if operations are not your vibe, we have many more roles within Cyber Security available here.

*Number is approx… it’s probably closer to billions of events per day, that’s Billion with a B.

Stuart Gregg is the Security Operations Manager @ ASOS. Catch him either in the gym or snacking.
