Morson Human Resources Limited, Portsmouth, Hampshire
Security Operations Centre Analyst
Salary: £300.00 - £376.85 per day
Overview
Job Purpose
To work within the Babcock Security Operations Centre (SOC) as an Analyst with responsibility for identifying, notifying and responding to security threats across a large and distributed IT estate; to carry out forensic analysis on Babcock IT systems and work with the various resolver groups to ensure the timely mitigation of security incidents; and to work on both Commercial and HMG environments according to the policies set by the Information Assurance team.

Major Tasks and Activities
- Analyse and investigate security events from various sources.
- Manage security incidents through all phases of the incident response process through to closure.
- Check system vulnerabilities and recommend remedial action to be taken by resolver groups.
- Provide system security advice to system management, system staff and users.
- Update tickets, write incident reports and document actions for false positive reduction.
- Conduct post-incident reviews for 'lessons learned'. This includes updating tools, processes and plans for incident response, increasing the effectiveness of detection systems, and working with other resolver groups to ensure similar attacks will not succeed in future.
- Develop knowledge of attack types and fine-tune detective capabilities, such as writing Snort/Sourcefire signatures.
- Identify log sources and examine system logs, which should record sufficient detail about the normal activities of the system to allow a history of events to be reconstructed, using appropriate forensic techniques and technologies.
- Undertake computer forensic investigations, such as examining running processes, identifying network connections on a host, examining log data, disk imaging and memory capture.
- Use SIEM, Full Packet Capture, Intrusion Detection, Vulnerability Scanning and Malware Analysis technologies for event detection and analysis.
- Evolve the capability and value of the toolsets by defining and improving reports, dashboards, alerts, signatures and intelligence sources.
- Identify intelligence source correlation opportunities to facilitate early detection of a security event or incident.
- Maintain and support the operational integrity of SOC toolsets.
- Maintain an awareness of current threat trends, events and technology vulnerabilities.
- Monitor the back-up and recovery of relevant system security information.
- Proactively pursue, validate and report any system security loopholes, infringements and vulnerabilities that come to light to the Security Operations Centre Manager in a timely manner.
- Where requested, initiate security investigations into possible security breaches, which may involve HMG protectively marked information.
- Participate in knowledge sharing and undertake incident response exercises.
- Evaluate and implement intelligence regarding new threats and vulnerabilities and ensure detective controls are updated to detect new attacks.
- Ensure the proper custody of magnetic media and other system documents.
- Maintain the above using the appropriate Babcock Change Management and Incident Response processes.

Person Specification

Qualifications and Experience

Must have:
- Experience as a Security Analyst.
- A proven track record of delivery in a multi-disciplined environment.
- Demonstrable experience of security-related incidents and work requests.
- Familiarity with industry-leading security products.
- Knowledge of SIEM toolsets.
- Knowledge of Full Packet Capture toolsets.
- Knowledge of Intrusion Detection Systems.
- Familiarity with methods for ethical hacking/penetration testing.
- Familiarity with the tools and techniques used by hackers.
- Experience of working within a change control and incident management environment.
- Detailed internet, networking and computer knowledge.
- Understanding of systems administration.
- Experience of intrusion detection and vulnerability analysis.
- Experience with network analysis tools such as network sniffers, tcpdump or Wireshark.
- Proven ability in network traffic analysis.
- Excellent written and oral communication skills.

Desirable:
- Experience of UK HMG information security processes and policies.
- Experience with security testing tools, development of threat assessments and security testing methodologies.
- Knowledge and experience of computer forensics.
- Ability to mentor junior analysts successfully.
- Competence in writing SOC processes and procedures.
- Qualifications/accreditations from relevant organisations, e.g. GIAC, CREST, Certified Ethical Hacker.

Technical & Specialist Knowledge

Must have:
- Operating system and system administration skills in at least one of Windows, Solaris or Linux, including good command-line skills.
- Excellent understanding of networking principles including TCP/IP, WANs, LANs and commonly used Internet protocols such as SMTP, HTTP, FTP, POP and LDAP.
- Security incident management and control.
- Understanding of the Domain Name System (DNS).
- Detailed understanding of packet structure and packet header fields.
- Understanding of IP fragmentation.
- Ability to create custom Snort rules.
- Knowledge of IDS/IPS management and architecture issues.
- Understanding of NIDS evasion, insertion and checksums.
- Understanding of Snort fundamentals including configuration, GUIs, sensor management, performance, active response and tagging.
- tcpdump fundamentals and knowledge of writing capture filters.
- Wireshark fundamentals.
- Solid understanding of hexadecimal.

Desirable: working knowledge of at least four of the following:
- Client-server applications
- Multi-tier web applications
- Relational databases
- Firewalls
- Virtual private networks
- Cryptography including PKI, SSL/TLS and IPsec
- Microsoft Exchange & Outlook
- Enterprise anti-virus product sets
- Forensic log monitoring
- CESG product sets
- Microsoft protocols

Security Criteria to be achieved:
- MOD SC clearance, with suitable criteria and willingness to undergo DV clearance if required.
- Other security clearances as contracts demand, e.g. Met Police security clearance.

Other
Ability to travel between sites will be required. You will also be required to participate in a standby and callout rota to ensure 24 hour, 7 day a week service delivery to the business.

INSIDE IR35

This job was originally posted as www.totaljobs.com/job/89840474