Role: SOC Helpdesk Analyst
Location: Malvern (full time on-site)
Duration: 3 months
Security Clearance: SC Cleared
Pay: up to £40/hour (Umbrella)
You will work as a member of our team to provide 24x7x365 defence against cyber-attacks, through the monitoring, analysis and management of security events/incidents emanating from client networks and systems.
(This role will be on site full time in Malvern, you will be considered a key worker)
- Work autonomously, with moderate supervision and direction to monitor and assess the risk and validity of real-time security-related events, using security tools, SIEM technologies and other security resources.
- Conduct real-time tactical management of security events in compliance with service level agreements, standards and legal policies.
- Identify routine and non-routine indicators of security-related events, conducting a first-level analysis and making quick, experience- and evidence-based responses; focusing on quality and accurate reporting.
- Work autonomously to interpret, distil and escalate incidents, using digital evidence, to determine and report the level of threat an anomaly may represent to the confidentiality, integrity or availability (CIA) of IT systems or data.
- Apply specialist IT security knowledge and contribute to the analysis of failed or successful cyber-attacks, providing effective reporting and recommendations of potential mitigations for future similar attacks.
- Contribute to the management and optimisation of security tools (e.g. tuning), processes and performance metrics following best practice.
- Good understanding of TCP/IP fundamentals and common higher-level protocols such as HTTP.
- Understands the protocols and communication sequences expected for a number of technologies (e.g. DNS server, network devices).
- Knowledge of security technologies such as SIEM, NIDS/NIPS, HIDS/HIPS, Endpoint protection suites.
- Has a basic understanding of security architecture, including encryption and encoding, web server operations, network file sharing and network firewalls as well as their security implications.
- Ability to interpret system data such as security event logs, system logs, and application logs.
- Ability to identify developing patterns and trends from knowledge and data.
- Ability to maintain working knowledge of current and emerging security threats and apply this knowledge to real-time analysis tasks.
- Basic understanding of the regulatory environment (law, regulations and standards relevant to cyber network defence) and legislation pertaining to collection and analysis of customer/organisation data.
- Demonstrates effective communication skills with colleagues, including the ability to hand over work to oncoming shift personnel and to justify assertions with evidence when providing input to reports/presentations.
- Good client interaction (over telephone and e-mail communication) including regular, prompt and comprehensive client reporting.
- Monitor customer's event data via client proprietary and COTS toolsets.
- Recognise and interpret anomalies in network traffic and/or host log files, relating them to known classes/types of attack (such as DDoS, Insider Threat and Phishing).
- Gather target information on sources of threat and vulnerability from threat advisories and open-source information using search engine queries, for instance using domain registration records, DNS queries and extraction of metadata.
- Can rapidly distinguish between genuine and false detection events and respond appropriately (such as undertaking signature improvements and implementing ways to minimise false positives).
- Analyse suspected attacks and identify potential sources of digital evidence, following procedures related to evidence collection.
- Undertake root cause analysis of events, making recommendations to reduce false positives.
Experience & Qualifications
- A Bachelor's Degree in Computer Science, Computer Networks, Information Security or other related technical discipline or equivalent experience.
- Experience working in IT.
- Experience of working within an information security discipline.
- Understanding or experience of SIEM tools.
There are 14 shifts every 28 days, and the rota repeats on that cycle. Shifts are 12 hours (7am to 7pm, or 7pm to 7am) and are paid for 11, as the 12 hours include an hour's lunch; regular breaks are granted throughout.
- 4 days on: Thur, Fri, Sat and Sun
- Off: Mon and Tue
- 3 Nights: Wed, Thur, Fri
- Off: Sat and Sun (The Friday shift would finish 7am Saturday morning)
- 3 days: Mon, Tue and Wed
- Off: Thur, Fri
- 4 Nights: Sat, Sun, Mon and Tue (The Tuesday shift would finish 7am Wednesday morning)
- Off: next 7 full days, returning on the Thursday to repeat the pattern