Work as a senior member of the Security Operations Centre (SOC) team, providing defence against cyber-attacks through the proactive monitoring, analysis and management of security events and incidents emanating from customer networks and systems. The role is the technical point of escalation for cyber security incidents and is responsible for the configuration, development and tuning of the security technology tools.

A priority activity for contractors fulfilling this role will be to lead the development and deployment of enhanced SIEM detection content across our wide customer base. This role is based in Malvern and is not a shift or night-working role.

Key Accountabilities
* Work independently, applying in-depth knowledge and experience to deliver time-critical, customer-focused security monitoring services; advising and recommending on defensive strategies.
* Provide effective leadership to SOC team members; directing and guiding work and mentoring junior members of staff, acting as a local Subject Matter Expert in the cyber security domain.
* Perform in-depth and advanced analysis (e.g. forensic analysis and malware reverse engineering) of complex and non-routine escalated security-related events; drawing on the expertise of other analysts and external resources as required.
* Manage escalated security-related events, making rapid evidence-based decisions on how to respond based on the extent and severity of the intrusion; drawing on knowledge of threat actors, including their motivation, infrastructure and capabilities.
* Demonstrate advanced knowledge of business processes, internal control risk management, IT controls and related standards.
* Apply threat intelligence to build an awareness picture of emerging issues across monitored customers within the SOC.
* Continually develop analysis playbooks and tradecraft.
* Proactively contribute to SOC strategy by refining processes and procedures; ensuring they align with customer and wider organisational requirements.
* Lead and define security content development, ensuring that SIEM consoles are tuned appropriately.

Key Capabilities/Knowledge
* Actively maintains awareness of developments in the intrusion analysis, incident response and information security fields.
* Has a working understanding of common intrusion analysis models (e.g. Cyber Kill Chain®) and can apply them to enhance analysis and reporting.
* In-depth understanding of TCP, UDP, IP, ICMP, IPv4, IPv6, HTTP, HTTPS, SMTP, POP3 and DNS. Demonstrates fundamental knowledge of IRC, DHCP, FTP, SMB, SNMP and TLS.
* Strong knowledge of security technologies such as SIEM, NIDS/NIPS, HIDS/HIPS and endpoint protection suites, including their strengths, weaknesses and flexibility of deployment.
* Advanced knowledge of the current threat landscape and a good understanding of malware operations, indicators, and known examples of APTs.
* Ability to identify developing patterns and trends in data.
* Ability to interpret system data such as security event logs, system logs and application logs using graphical and command-line tools.
* Awareness of the regulatory environment, laws and standards.
* Ability to rapidly distinguish between genuine and false detection events and respond appropriately (such as undertaking signature improvements and implementing ways to minimise false positives).
* Able to communicate cyber security analysis results to technical and non-technical management/governance stakeholders, facilitating collaboration and decision making as necessary.
* Good client interaction (over telephone and e-mail) including prompt and comprehensive client reporting.

Experience & Qualifications
Essential
* A Bachelor's degree in Computer Science, Computer Networks, Information Security or another related technical discipline, or equivalent experience.
* Extensive experience of working within an information security discipline.
* Network security experience, including network architecture, host, data and/or application security in multiple operating system environments.
* Extensive experience working with SIEM tools and related security monitoring toolsets (preferably LogRhythm SIEM).
* Ability to effectively interpret data from toolsets into customer-focused intelligence.

Desirable
* LogRhythm Certified Administrator
* CREST Registered Intrusion Analyst qualification

Person Specification
* Ability to be flexible to operational requirements is essential
* Ability to work well as part of a team, cooperatively and professionally
* Multi-tasker with willingness and ability to learn and adapt quickly
* Good attention to detail
* Self-starting and motivated
* Analytical and curious minded
* Strong written, verbal and customer service skills
* Demonstrates a positive attitude towards change and suggests improvements
* Ability to offer mentoring and learning support to junior practitioners