Network Intrusion Analyst
Network Intrusion Analyst - 6 Months - Malvern
My client is looking for an experienced Network Intrusion Analyst for an initial 6-month contract for a team based in Malvern. The role is full time on site, and the client can offer a competitive daily rate.
Outline of duties:
* Work as a member of a team to provide defence against cyber-attacks, through monitoring and analysis of security events/incidents emanating from client networks and systems.
* Work autonomously, with minimal supervision and direction, to monitor and assess the risk and validity of security-related events, using security tools, SIEM technologies and other security resources.
* Identify routine and non-routine indicators of security-related events, conducting a first-level analysis and making quick, experienced and evidence-based responses, focusing on quality and accurate reporting.
* Apply specialist IT security knowledge and contribute to the analysis of failed or successful cyber-attacks, providing effective reporting and recommendations of potential mitigations against future similar attacks.
* Contribute to the management and optimisation of security tools (e.g. tuning), processes and performance metrics following best practice.
* Travel to a variety of network locations around the country to collect data and bring it back to Malvern for retrospective analysis.
* Contribute to improvements and streamlining of the collection and analysis processes.
* Develop and cascade Standard Operating Procedures, Work Instructions and Cyber Security Playbooks.
* Assist in reporting results and communicating with the customer, including meetings and telephone calls.
* Assist in the production of monthly reports.
Experience & Knowledge:
* Good understanding of TCP/IP fundamentals and common higher-level protocols such as HTTP.
* Understands the protocols and communication sequences expected for several technologies (e.g. DNS server, network devices).
* Knowledge of security technologies such as SIEM, NIDS/NIPS, HIDS/HIPS, Endpoint protection suites.
Skills & Competencies: (Job-specific skills and technical competencies required)
* Ability to be flexible to operational requirements is essential.
* Ability to work well as part of a team, cooperatively and professionally.
* Multi-tasker with willingness and ability to learn and adapt quickly.
* Ability to work unsupervised.
* Good attention to detail.
* Self-starting and motivated.
Education and Experience:
* A Bachelor's Degree in Computer Science, Computer Networks, Information Security or other related technical discipline or equivalent experience.
* Experience of working within an information security discipline.
* Experience working with productivity software such as Microsoft Word and Excel.
* Experience of computer operating systems, such as Linux and Windows (e.g. security fundamentals, patch management, file sharing).
* Experience working with SIEM, IDS and related security monitoring tools.
* Good working knowledge of SNORT IDS, from installation to operation.
* Experience of applications based on an ELK / Elastic stack architecture (Elasticsearch, Logstash and Kibana).
* Minimum of 2-3 years of experience in a Security Operations Centre (SOC) or similar operational environment or team.
* Qualifications within the IT field such as Cisco Certified Network Professional Security (CCNP Security), CREST Practitioner Intrusion Analyst, ITIL Foundation, CompTIA Network+ or similar, SANS GIAC or similar.