OpNet SOC Security Analyst

Location: Corsham
Job Type: Contract
Industry: Cyber Security
Job reference: BBBH156528_1654765401
Posted: 26 days ago

OpNet SOC Security Analyst (Incident)

Corsham / On-site

12 months +

OpNet SOC Security Analyst to join a multinational defence technology company based in Corsham on an initial 12-month contract.

A high level of clearance is preferred for this role.

Job Specification:

The DPS SOC Security Analyst (Incident) is responsible for delivering DCO outcomes across the OpNET platform. The SOC Security Analyst (Incident) is critical for the deployed environment, ensuring that operational security processes are enacted at every level.

The Security Analyst (Incident) reports to the Security Manager (Incident) and is responsible for:

  • Detecting and responding to malicious behaviour across all platform components including workstations, servers, and network devices.
  • Optimising threat detection products for data loss prevention (DLP), security information and event management (SIEM), advanced email protection, endpoint detection and response (EDR), anti-virus and intrusion prevention/detection systems.
  • Reviewing and responding to escalated security events.
  • Proactively hunting threats within the OpNET environment.
  • Writing detection signatures, tuning systems and tools, and developing automation scripts and correlation rules.
  • Maintaining knowledge of adversary tactics, techniques, and procedures (TTPs).
  • Conducting forensic analysis on systems and engaging third-party resources as required.
  • Ensuring incident identification, assessment, quantification, reporting, communication, mitigation, and monitoring.
  • Ensuring compliance with SLAs and KPIs, process adherence and process improvisation to achieve operational objectives.
  • Ensuring compliance with policy, process, and procedure, and process improvisation to achieve operational objectives.
  • Revising and developing processes to strengthen the DETECT and RESPOND delivery.
  • Initiation of corrective action where required.
  • Ensuring daily management, administration & maintenance of security devices to achieve operational effectiveness.
  • Creation of reports, dashboards, metrics for SOC operations and presentation to OpNET CISO and Security Working Group (SWG).
  • Co-ordinating with stakeholders (both internally within DPS and externally with the CyISOCs), building and maintaining positive working relationships with them, and ensuring outputs are aligned.
  • Routine governance and compliance audits, and accreditation activities.

Required (minimum):

  • Hold current DV clearance.
  • Strong hands-on experience of a variety of SIEM and SOAR platforms (including Splunk, ELK, Elastic and Security Onion v2).
  • Hands-on experience with a variety of scanning tools when an investigation requires them (including Nessus, Greenbone, Nipper, BMC Discovery, McAfee ePO, Tanium, Tripwire and WhatsUp Gold).
  • Experience in forensics, malware analysis and threat intelligence.
  • Ability to understand, modify and create threat detection rules within a SIEM.
  • Ability to correlate data from multiple data sources to create a more accurate picture of cyberthreats and vulnerabilities.

Desirable qualifications:

  • CompTIA A+.
  • CompTIA Security+.
  • CompTIA CySA+.
  • CompTIA PenTest+.
  • MCSE.
  • SANS 504 - Incident Handling.
  • SANS 503 - Intrusion Analyst.
  • SANS 511 - Continuous Monitoring.

If you feel you have the relevant experience and skills required, please do not hesitate to apply now!