My client is looking for a Security Operations Center (SOC) Analyst. The position is assigned to the Security Operations Team based in Chippenham, although there will be occasions to work from Swindon also. The primary purpose of this position is to help coordinate and report on cyber incidents impacting the system. This includes monitoring and analysis of event logs within a SOC environment using the Huntsman Tier3 SIEM application. You will work as part of a shift covering 0730 - 1730 Mon - Fri (excluding Bank Holidays) that analyses network, application and system log events in order to identify any potentially abnormal system behaviours and raise them as incidents for investigation.
Act as the initial analytical reference point for identifying and then quantifying the nature and extent of an attack and offer initial triage and professional advice relating to possible business impact.
Advise on incident containment measures.
Implement IUS Cyber Incident Response procedures to address any actual or suspected incidents.
Develop and maintain a credible knowledge of current and emerging threats likely to affect the integrity of the managed service you are protecting.
Develop a credible level of protective monitoring experience, and aspire to develop a good level of experience and knowledge regarding the capabilities offered by the Huntsman SIEM.
You will be responsible for analysing network, application and system log events in order to identify any potentially abnormal system behaviours and raise them as incidents for investigation.
These will then be investigated with others to establish whether they are expected events or a security threat, in which case they will be escalated to the appropriate customer or technical resources for remedial action.
Develop Local Work Instructions and Use Cases.
Have an understanding of Regular Expressions (Regex) and be expected to write them to apply rules and filters on the Huntsman SIEM.
Work to improve the Huntsman SIEM and the service it delivers.
Plan for disaster recovery in the event of any security breaches.
Monitor for attacks, intrusions and unusual, unauthorised or illegal activity. Investigate security alerts and provide incident response.
Monitor identity and access management, including monitoring for abuse of permissions by authorised system users.
Generate reports for both technical and non-technical staff and stakeholders. Maintain daily occurrence register and incident log and assist with internal and external audits relating to information security.
The postholder will also be expected to:
Maintain a keen understanding of evolving Internet threats to ensure the security of client networks.
Participate in knowledge sharing with other analysts and develop solutions efficiently.
Keep abreast of evolving cyber threats and identify new and sophisticated methods of detecting them across the customer's IT service.
Make configuration changes to the SIEM tool to reflect new threats.
Provide analysis and trending of security log data from a large number of security devices.
Provide Incident Response (IR) support when analysis confirms an actionable incident. Provide threat and vulnerability analysis as well as security advisory services. Be proactive in advising on and proposing new or additional monitoring capabilities to meet contract / programme requirements.
Analyse and respond to previously undisclosed software and hardware vulnerabilities.
Investigate, document, and report on information security issues and emerging trends.
Provide monthly security reports covering SIEM service and other reports as requested by authorised personnel.
Undertake other tasks and responsibilities as assigned.
Skills, Qualifications and Knowledge Required
Previous role/experience as a SIEM analyst or Operations analyst.
Experience of maintaining a SIEM through monitoring, configuring and managing typical security enforcing devices, such as firewalls, proxies and IDS/IPS devices. A sound knowledge of IT security best practice, common attack types and detection / prevention methods.
Demonstrable experience of analysing and interpreting system, security and application logs in order to diagnose faults and spot abnormal behaviours. Strong written and verbal communication skills. Attention to detail and strong organisational skills.
Qualifications within the IT Security field desirable though not essential.
An understanding of Information Security relating to the Confidentiality, Integrity and Availability of information. Knowledge of common network or security devices, such as routers, switches, hubs, firewalls, or SIEM tools.
Due to the nature and urgency of this post, candidates holding or who have held high level security clearance in the past are most welcome to apply. Please note that successful applicants will be required to be security cleared prior to appointment, which can take a minimum of 18 weeks.
LA International Computer Consultants Ltd is an HMG Approved Consultancy and operates as an IT & Engineering Consultancy or as an Employment Business & Agency, depending upon the precise nature of the work, for security cleared jobs or non-clearance vacancies. We welcome applications from all sections of the community and from people with diverse experience and backgrounds.
Award Winning LA International Computer Consultants Ltd (Recruiter Awards for Excellence - Best IT, Best Public Sector & Gold Awards) and holder of the most prestigious award that any business can receive, The Queen's Award for Enterprise: International Trade 2015.