Senior Security Analyst
Are you a Security Analyst looking to progress onto the next stage of your career or are you a Senior Security Analyst who is looking to work on challenging and exciting projects? Are you currently looking for a new opportunity where you can work on cutting edge technology within a state of the art environment? Then look no further, this role is for you!
Key responsibilities:
- Monitor the alarm console; provide an initial analysis of logs and network traffic; and make security event determinations on alarm severity, escalation, and response routing
- Provide communication and escalation throughout the incident as per the company's Security Incident Management guidelines
- Act as the primary escalation point to other Security Analysts monitoring the Security Information and Event Management (SIEM) System & provide an initial investigation of security incidents. Take an active part in the containment of incidents, even after they are escalated
- Deliver investigation and remediation activities as a member of the Security Incident Response Team. Participate in Security Incident Response Team (SIRT) events
- Coordinate with data asset owners and business response plan owners during high severity incidents and vulnerabilities
- Conduct research and assessments of security events; provide analysis of firewall, IDS, anti-virus, and other network sensor produced events; present findings as input to SIRT
- Lead the Compliance/Vulnerability Assessment (VA) Scanning programme, taking ownership of the platforms and processes. Follow a documented process for routine scanning of the company's infrastructure and network elements. Develop mitigation and remediation plans based on the vulnerability assessment findings
- Monitor threat and vulnerability news services for any relevant information that may impact installed infrastructure. Analyse reports to understand threat campaign(s) techniques, lateral movements, and extract indicators of compromise (IOCs)
- Perform analysis and interpretation of information from SOC systems, covering incident identification and analysis, escalation procedures, and reduction of false positives
- Create and update security event investigation notes, conduct shift change reports on open cases, and maintain case data in the Incident Response Management platform
- Continuous engagement with the Threat Intelligence and 24×7 Monitoring teams
- Provide ad-hoc on-call support to review threats and response actions for off-hour critical threat detection
- Document information security operations policies, processes, and procedures
Essential Knowledge and Skills:
- A University degree level education or equivalent in Information Security, Forensics, or Computer Science; related experience and/or training in the field of IT security monitoring and analysis, cyber threat analysis, and vulnerability analysis
- A Global Information Assurance Certification (GIAC) Certified Incident Handler (GCIH), GIAC Certified Intrusion Analyst (GCIA), or equivalent certification would be advantageous
- Intermediate knowledge of Information Security fundamentals, technologies, and design principles
- Understanding or proven experience in securing Windows, Linux, Oracle and VM platforms
- Understanding or proven experience of QRadar or similar Security Information and Event Management (SIEM) tools for analysing network and security incidents
- Experience in Tenable Network Security Nessus, BeyondTrust Retina or similar Vulnerability Assessment (VA) scanner operations for identifying network and platform risks and misconfigurations. Experience in security assessment tools/frameworks (Nmap, Nessus, Metasploit, Netcat)
- Knowledge of network security zones, firewall, IDS
- Experience with network analysis tools such as Wireshark and tcpdump
- Knowledge of log formats for Syslog, HTTP logs, DB logs and how to gather forensics for traceability back to the event
- Knowledge of packet capture and analysis
- Experience in log management or security information management tools
- Advanced SIEM/IDS content building training