Accessibility Links

Network Intrusion Analyst

  • Salary: £300 - £450 per day
  • Job type: Contract
  • Location: Malvern, Worcestershire
  • Sector: Security
  • Date posted: 16/10/2018
  • Job reference: QQC01170

We're really sorry, but it looks like this job has already been filled.

Register your CV with us, see our latest jobs or use the search below.


Work as a member of a team to provide defence against cyber-attacks, through monitoring and analysis of security events/incidents emanating from client networks and systems.

Key accountabilities:

  • Work autonomously, with minimal supervision and direction to monitor and assess the risk and validity of security-related events, using security tools, SIEM technologies and other security resources.
  • Identify routine and non-routine indicators of security-related events, conducting a first-level analysis and making quick, experienced and evidence-based responses; focusing on quality and accurate reporting.
  • Apply specialist IT security knowledge and contribute to the analysis of failed or successful cyber-attacks providing effective reporting and recommendations of potential mitigations to future similar attacks.
  • Contribute to the management and optimisation of security tools (e.g. tuning), processes and performance metrics following best practice.
  • Travel to a variety of network locations around the country to collect data and bring it back to Malvern for retrospective analysis.
  • Contribute to improvements and streamlining of the collection and analysis processes.
  • Develop and cascade Standard Operating Procedures, Work Instruction and Cyber Security Playbooks.
  • Assist in reporting results and communicating with customer, including meetings and telephone calls.
  • Assist in the production of monthly reports
  • Good understanding of TCP/IP fundamentals and common higher level protocols such as HTTP.
  • Understands the protocols and communication sequences expected for a number of technologies (e.g. DNS server, network devices).
  • Knowledge of security technologies such as SIEM, NIDS/NIPS, HIDS/HIPS, Endpoint protection suites.
  • Has a good understanding of security architecture, including encryption and encoding, web server operations, network file sharing and network firewalls as well as their security implications.
  • Ability to interpret system data such as security event logs, system logs, and application logs using graphical and command-line tools.
  • Ability to identify developing patterns and trends from knowledge and data.
  • Ability to maintain working knowledge of current and emerging security threats and applying this knowledge to real-time analysis tasks.
  • Basic understanding of the regulatory environment (law, regulations and standards relevant to cyber network defence) and legislation pertaining to collection and analysis of customer/organisation data.
  • Demonstrates effective communication skills with colleagues, including the ability to handover work to oncoming shift personnel and when providing input to reports/presentations, justifying assertions with evidence.
  • Good client interaction (over telephone and e-mail communication) including regular, prompt and comprehensive client reporting.
  • Monitor customer's event data via QinetiQ proprietary and COTS toolsets.
  • Recognise and interpret anomalies in network traffic and/or host log files, relating them to known classes/types of attack (such as DDoS, Insider Threat and Phishing).
  • Gather target information on sources of threat and vulnerability from threat advisories and open source information using search engine queries, for instance using domain registration records, DNS queries and extraction of Meta data.
  • Can rapidly distinguish between genuine and false detection events and respond appropriately (such as undertaking signature improvements and implementing ways to minimise false positives).
  • Analyse suspected attacks and identify potential sources of digital evidence, following procedures related to evidence collection.

Person Specification:

  • Ability to be flexible to operational requirements is essential
  • Ability to work well as part of a team, cooperatively and professionally
  • Multi-tasker with willingness and ability to learn and adapt quickly
  • Ability to work unsupervised
  • Good attention to detail
  • Self-starting and motivated
  • Analytical and curious minded
  • Ability to follow processes and scripts
  • Strong written, verbal and customer service skills
  • Ability to review customer reports to ensure quality and accuracy
  • Demonstrates a positive attitude towards change and suggest improvements
  • Effective interpretation of data from toolsets into customer focused intelligence

Education and Experience:


  • A Bachelor's Degree in Computer Science, Computer Networks, Information Security or other related technical discipline or equivalent experience.
  • Experience of working within an information security discipline.
  • Experience working with productivity software such as Microsoft Word and Excel.
  • Experience of computer operating systems, such as Linux and Windows (e.g. security fundamentals, patch management, file sharing).
  • Experience working with SIEM, IDS and related security monitoring tools.


  • Good working knowledge of SNORT IDS from installation to operation
  • Experience of applications based on an ELK / Elastic stack architecture (Elasticsearch, Logstash, and Kibana)
  • Minimum of 2-3 years of experience in a Security Operation Centre (SOC) or similar operational environment or team.
  • Qualifications within the IT field such as Cisco Certified network Professional Security (CCNP Security), CREST Practitioner Intrusion Analyst; ITIL Foundation; CompTIA Network plus certification or similar; SANS GIAC or similar
Similar jobs