Security Operations Analyst


Premium Job From Experis IT

Recruiter

Experis IT

Listed on

16th January 2017

Location

Salford

Salary/Rate

£35114 - £40380

Type

Permanent

This job has now expired. Please search on the home page to find live IT jobs.

SECURITY OPERATIONS ANALYST, SECURITY OPERATIONS CENTRE (CSOC), THREAT INTELLIGENCE, VULNERABILITY MANAGEMENT, TCP/IP PROTOCOL SUITE, LAN/WAN TECHNOLOGIES, SWITCHING, ROUTING, VOIP, TELEPHONY TECHNOLOGIES, FIREWALLS AND VPN, INTRUSION PREVENTION SYSTEMS (IPS), VULNERABILITY ASSESSMENT, PATCH MANAGEMENT TOOLS

£35,114 - £40,380 - Salford

An exciting opportunity has arisen to join the Home Office as a Security Operations Analyst. At present the Home Office are in the process of building a new Cyber Security Operations Centre (CSOC) based in Salford, the purpose of which would be:

* Security monitoring and detection of incidents and concerns.

* Analysis of incidents by technical and business specialists including the invocation of mitigating actions by liaising with operational teams.

* Active threat intelligence and vulnerability management through close partnerships with vendors and National Cyber Centre, including information on current malware threats on the wider Internet.

* Forensic analysis and investigation to support any future risk mitigation activities.

The Home Office are willing to welcome applications from candidates who have an interest in developing their career in this area, as well as those with existing operational experience.

Role Overview

The Home Office are seeking a flexible Cyber Security Analyst to perform deep-dive incident analysis by correlating data from various sources. The successful applicant will also determine if a critical system or data set has been impacted or is being attacked and will advise on remediation actions. The analyst will be responsible for coordinating the response for minor incidents and supporting the CSOC manager in dealing with major incidents. The candidate must be prepared to work a shift pattern once the CSOC is operational.

As a Security Analyst, your role on the team will include leveraging your knowledge of industry best practices, good judgement and problem-solving skills to execute security operations.

In this position you will:

* Provide security monitoring for a growing environment; support incident responses and provide root cause analysis support for incidents.

* Provide Information Security Reporting and Metrics and provide input into improving information security reporting and metrics; identify/recommend improvements on internal investigation capabilities via tool building.

* Provide assistance in recovering from security breaches; participate in investigation and remediation of security incidents; establish configuration policies for security technologies.

* Review aggregated server logs, firewall logs, intrusion prevention logs, and network traffic for unusual or suspicious activity.

* Conduct research on emerging threats in support of security enhancement and development efforts; recommend security improvements, upgrades, and/or purchases.

* Create and maintain internal training materials and provide training to appropriate information systems staff; assist with propagating security awareness among employees.

* Working as part of a team, performing deep-dive incident analysis and determining if critical systems or data sets have been impacted.

* Coordinating the incident response of minor incidents by advising on remediation actions and escalating major incidents to the designated parties.

* Providing coverage for Tier 1 analysts, conducting initial triage of alerts.

* Recording lessons learnt and improving existing processes and procedures.

* Processing incident communications to include initial reporting, follow-ups, requests for information, and resolution activity.

* Providing support of new analytic methods for detecting threats.

* Continuously seeking to identify potential service and process improvements.

Essential Criteria

* Have a strong IT technical background and experience working in a SOC environment.

* Functional knowledge of TCP/IP protocol suite, LAN/WAN technologies, switching, routing, VoIP and Telephony technologies, firewalls and VPN, intrusion prevention systems (IPS), vulnerability assessment and patch management tools.

* Functional knowledge of UNIX, Linux, Apple and Windows technologies.

* Functional knowledge of operating protocol analysers and analysing output.

* Functional experience performing monitoring, analysis and recovery procedures.

* Functional experience performing deep-dive incident analysis by correlating data from various sources.

Desirable Criteria

* Functional knowledge and experience of using tools for security monitoring (e.g. Splunk, QRadar, Intel McAfee, ArcSight, RSA NetWitness), data analytics (e.g. ELK stack) and security case management (e.g. SNOW).

* Knowledge of or experience in vulnerability management tools (e.g. Qualys, Nmap, Nessus, Nexpose).

* Knowledge of targeted cyber attacks (APT), how to analyse them, and how to respond to and mitigate against such attacks.

Please do not hesitate to apply. If you would like to speak about the role in further detail, please feel free to contact Ryan on 0161 924 3689.
