Listed on: 19th August
Work as a senior member of the security operations centre team to provide defence against cyber-attacks, through the proactive monitoring, analysis and management of security events/incidents emanating from customer networks and systems. The role also provides a technical point of escalation for cyber security related incidents and covers the configuration, development and tuning of the security technology tools.
This role is based in Malvern and is not a shift, or night working role.
Work independently, applying in-depth knowledge and experience to deliver time critical, customer focused QinetiQ security monitoring services; advising and recommending on defensive strategies.
Provide effective leadership to SOC team members; directing and guiding work and providing mentorship of junior members of staff, acting as a local Subject Matter Expert in the Cyber Security domain.
Perform in-depth and advanced analysis (e.g. forensic analysis and malware reverse engineering) of complex and non-routine escalated security-related events; drawing on the expertise of other Analysts and external resources as required.
Manage escalated security-related events, making rapid evidence-based decisions on how to respond based on the extent and severity of the intrusion; drawing on knowledge of threat actors, including their motivation, infrastructure and capabilities.
Apply threat intelligence to build an awareness picture of emerging issues across monitored customers within the SOC.
Demonstrate advanced knowledge of business processes, internal control risk management, IT controls and related standards.
Identify and mitigate business risks associated with projects.
Continual development of analysis playbooks and tradecraft.
Lead in reporting results and communicating with the customer, including meetings and telephone calls.
Proactively contribute to SOC strategy by refining processes and procedures; ensuring they align with customer and wider organisational requirements.
Lead and define security content development, ensuring that SIEM consoles are tuned appropriately.
Actively maintains awareness of developments in the intrusion analysis, incident response and information security fields.
Has a working understanding of common Intrusion Analysis models (e.g. Cyber Kill Chain®) and can apply them to enhance analysis and reporting.
In depth understanding of TCP, UDP, IP, ICMP, IPv4, IPv6, HTTP, HTTP(S), SMTP, POP3, and DNS. Demonstrates fundamental knowledge of IRC, DHCP, FTP, SMB, SNMP, TLS.
Strong knowledge of security technologies such as SIEM, NIDS/NIPS, HIDS/HIPS and Endpoint protection suites including strengths, weaknesses and flexibility of deployment.
Advanced knowledge of current threat landscape and a good understanding of malware operations, indicators, and known examples of APTs.
Ability to identify developing patterns and trends in data.
Ability to interpret system data such as security event logs, system logs, and application logs using graphical and command-line tools.
Awareness of regulatory environment, laws, and standards.
Good understanding of technology and actively maintains awareness of developments in the intrusion analysis, incident response and information security fields.
Good working understanding of common Intrusion Analysis models, and can readily apply them.
Ability to gather threat and vulnerability data from threat advisories and open source information, using advanced search engine queries, domain registration records, DNS queries and extraction of Metadata.
Ability to rapidly distinguish between genuine and false detection events and respond appropriately (such as undertaking signature improvements and implementing ways to minimise false positives).
Able to communicate cyber security analysis results to technical and non-technical management/governance stakeholders, facilitating collaboration and decision making as necessary.
Good client interaction (over telephone and e-mail communication) including prompt and comprehensive client reporting.
Experience & Qualifications:
A Bachelor's Degree in Computer Science, Computer Networks, Information Security or other related technical discipline or equivalent experience.
Extensive experience of working within an information security discipline.
Network security experience, including network architecture, host, data and/or application security in multiple operating system environments.
Experience working with SIEM tools and related security monitoring toolsets (preferably LogRhythm SIEM).
Advanced experience of computer operating systems, such as Linux and Windows.
Effectively interpret data from toolsets into customer focussed intelligence.
An IT Security qualification such as CREST Practitioner Intrusion Analyst (CPIA), SANS Certified Intrusion Analyst (GCIA), Certified Incident Handler (GCIH), Cisco Certified Network Professional Security (CCNP Security).
CREST Registered Intrusion Analyst qualification.
Knowledge and experience of penetration testing tools and techniques.
Ability to be flexible to operational requirements is essential.
Ability to work well as part of a team, cooperatively and professionally.
Ability to lead and work effectively with a small team of individuals with varying levels of experience.
Multi-tasker with willingness and ability to learn and adapt quickly.
Ability to work unsupervised and adhere to process and policy.
Good attention to detail.
Self-starting and motivated.
Analytical and curious minded.
Strong written, verbal and customer service skills.
Ability to review customer reports to ensure quality and accuracy
Demonstrates a positive attitude towards change and suggests improvements.
Ability to offer mentoring and learning support to junior practitioners.
QinetiQ comprises teams of dedicated people; experts in defence, aerospace, security and related markets. We draw on our extensive technical knowledge and intellectual property to provide the know-how and support to solve some of the world's most challenging problems. Our people make the critical difference to customers by providing unique approaches to problem solving. Why don't you join some of the world's finest scientific and technical minds and help us make tomorrow work today?