Cyber Security Analyst - Malvern
Our client is an expert in defence, aerospace, security and related markets. We draw on our extensive technical knowledge and intellectual property to provide the know-how and support to solve some of the world's most challenging problems. Our people make the critical difference to customers by providing unique approaches to problem solving. Why not join some of the world's finest scientific and technical minds and help us make tomorrow work today?
You will work as a member of our team to provide 24x7x365 defence against cyber-attacks, through the monitoring, analysis and management of security events/incidents emanating from client networks and systems.
- Work autonomously, with moderate supervision and direction to monitor and assess the risk and validity of real-time security-related events, using security tools, SIEM technologies and other security resources.
- Conduct real-time tactical management of security events in compliance with service level agreements, standards and legal policies.
- Identify routine and non-routine indicators of security-related events, conducting a first-level analysis and making quick, experience- and evidence-based responses, focusing on quality and accurate reporting.
- Work autonomously to interpret, distil and escalate incidents, using digital evidence, to determine and report the level of threat an anomaly may represent to the confidentiality, integrity or availability (CIA) of IT systems or data.
- Apply specialist IT security knowledge and contribute to the analysis of failed or successful cyber-attacks, providing effective reporting and recommendations of potential mitigations against similar future attacks.
- Contribute to the management and optimisation of security tools (e.g. tuning), processes and performance metrics following best practice.
- Good understanding of TCP/IP fundamentals and common higher-level protocols such as HTTP.
- Understands the protocols and communication sequences expected for a number of technologies (e.g. DNS server, network devices).
- Knowledge of security technologies such as SIEM, NIDS/NIPS, HIDS/HIPS, Endpoint protection suites.
- Has a basic understanding of security architecture, including encryption and encoding, web server operations, network file sharing and network firewalls as well as their security implications.
- Ability to interpret system data such as security event logs, system logs, and application logs.
- Ability to identify developing patterns and trends from knowledge and data.
- Ability to maintain a working knowledge of current and emerging security threats and apply this knowledge to real-time analysis tasks.
- Basic understanding of the regulatory environment (law, regulations and standards relevant to cyber network defence) and legislation pertaining to collection and analysis of customer/organisation data.
- Demonstrates effective communication skills with colleagues, including the ability to handover work to oncoming shift personnel and when providing input to reports/presentations, justifying assertions with evidence.
- Good client interaction (over telephone and e-mail communication) including regular, prompt and comprehensive client reporting.
- Monitor customers' event data via our client's proprietary and COTS toolsets.
- Recognise and interpret anomalies in network traffic and/or host log files, relating them to known classes/types of attack (such as DDoS, Insider Threat and Phishing).
- Gather information on sources of threat and vulnerability from threat advisories and open source information using search engine queries, for instance using domain registration records, DNS queries and extraction of metadata.
- Can rapidly distinguish between genuine and false detection events and respond appropriately (such as undertaking signature improvements and implementing ways to minimise false positives).
- Analyse suspected attacks and identify potential sources of digital evidence, following procedures related to evidence collection.
- Undertake root cause analysis of events, making recommendations to reduce false positives.
Experience & Qualifications
- A Bachelor's Degree in Computer Science, Computer Networks, Information Security or other related technical discipline or equivalent experience.
- Experience working in IT.
- Experience of working within an information security discipline.
- Experience working with productivity software such as Microsoft Word and Excel.
- Understanding or experience of SIEM tools.
- Minimum of 1 year's experience in network security.
- Qualifications within the IT field such as Cisco Certified Network Professional Security (CCNP Security), CREST Practitioner Intrusion Analyst, CompTIA Network+ or SANS GIAC.
- Experience of computer operating systems, such as Linux and Windows (e.g. security fundamentals, patch management, file sharing).