We are looking for an SC-cleared cyber security analyst to work for our client in Malvern, Worcestershire, on an initial 3-month contract or in permanent employment. The ideal candidate will work as a member of a team working shifts to provide 24x7x365 defence against cyber-attacks, through the monitoring, analysis and management of security events and incidents emanating from client networks and systems.
Shift pattern: 4 days on, 3 nights on, 8 days off. 12-hour shifts run from 7 to 7 (subject to change).
- Work autonomously, with moderate supervision and direction to monitor and assess the risk and validity of real-time security-related events, using security tools, SIEM technologies and other security resources.
- Conduct real-time tactical management of security events in compliance with service level agreements, standards and legal policies.
- Identify routine and non-routine indicators of security-related events, conducting first-level analysis and making quick, experience- and evidence-based responses, with a focus on quality and accurate reporting.
- Work autonomously to interpret, distil and escalate incidents, using digital evidence, to determine and report the level of threat an anomaly may represent to the confidentiality, integrity or availability (CIA) of IT systems or data.
- Apply specialist IT security knowledge and contribute to the analysis of failed or successful cyber-attacks, providing effective reporting and recommendations of potential mitigations against similar future attacks.
- Contribute to the management and optimisation of security tools (e.g. tuning), processes and performance metrics following best practice.
Experience and knowledge:
- Good understanding of TCP/IP fundamentals and common higher-level protocols such as HTTP.
- Understands the protocols and communication sequences expected for a number of technologies (e.g. DNS server, network devices).
- Knowledge of security technologies such as SIEM, NIDS/NIPS, HIDS/HIPS and endpoint protection suites.
- Has a basic understanding of security architecture, including encryption and encoding, web server operations, network file sharing and network firewalls as well as their security implications.
- Ability to interpret system data such as security event logs, system logs, and application logs.
- Demonstrates effective communication skills with colleagues, including the ability to hand over work to oncoming shift personnel and to justify assertions with evidence when providing input to reports and presentations.
- Good client interaction (by telephone and e-mail), including regular, prompt and comprehensive client reporting.
- Monitor customer's event data via our client's proprietary and COTS toolsets.
- Recognise and interpret anomalies in network traffic and/or host log files, relating them to known classes/types of attack (such as DDoS, Insider Threat and Phishing).
- Gather information on sources of threat and vulnerability from threat advisories and open source information, using search engine queries, domain registration records, DNS queries and extraction of metadata.
- Undertake root cause analysis of events, making recommendations to reduce false positives.
- A Bachelor's Degree in Computer Science, Computer Networks, Information Security or other related technical discipline or equivalent experience.
- Minimum of 5 years proven knowledge of working in IT.
- Minimum of 1 year proven knowledge of working within an information security discipline.
- Proven knowledge of working with productivity software such as Microsoft Word and Excel.
- Proven knowledge of working with SIEM tools.