Cyber Security Engineer - NIPS/FNC - Belgium

Hainaut - Onsite

Description

Job Description

The successful candidate will be required to use their knowledge of NIPS/FPC technologies and cyber security techniques to support and maintain these security technologies within the deployment of a complex cyber implementation. The role requires the ability to support, maintain, troubleshoot and tune the security devices, working in conjunction with other cyber security specialists as an integral part of a wider system implementation.

You will be responsible for working with the security event analysts and the tools specialists to help tune the security tools for optimum performance. You will also ensure that all NCIRC specialist applications, such as event correlation (and its associated remote data collection feeds), network discovery, network traffic pattern/flow analysis, mail content checking, extrusion detection and on-line computer forensics tools, are installed, configured and operational.

Key Responsibility Areas

This role will include deep configuration and administration of a range of cyber defence specialist tools, primarily focussed on Network Intrusion Prevention (NIPS) and Full Packet Capture (FPC).

Successful candidates may become involved in the investigation into security events to establish whether these are expected tool behaviours, benign events or a security threat.

The additional responsibilities will include the following:

  • Ensuring that all NCIRC specialist applications, such as event correlation (and its associated remote data collection feeds), network discovery, network traffic pattern/flow analysis, mail content checking, extrusion detection and on-line computer forensics tools, are installed, configured and operational
  • Maintain a keen understanding of evolving Internet threats to ensure the security of the NATO networks
  • Write technical articles for the internal knowledge base
  • Participate in knowledge sharing with other analysts and develop solutions efficiently
  • Coordinate or participate in individual or team projects

Skills, Qualifications & Knowledge

  • A motivated, self-managed individual who is willing to help design and adapt a constantly evolving service. Someone who can demonstrate above average analytical skills and liaise professionally with peers and NATO stakeholders, even under pressure.
  • A sound knowledge of IT security best practice, common attack types and detection/prevention methods.
  • Demonstrable experience of analysing and interpreting system, security and application logs in order to diagnose faults and spot abnormal behaviour
  • Experience of maintaining a secure enterprise network through configuring and managing typical Security Enforcing Devices, such as Firewalls, Proxies, IDS/IPS devices, HIDS/EPO. Knowledge of Sourcefire/Snort.
  • In-depth experience of other common network devices, such as routers, switches and hubs.
  • Must be capable of communicating clearly with team members and other analysts. Able to demonstrate reading, writing and spoken English to NATO IS level III as a minimum (B1 of the Council of Europe/Association of Language Testers in Europe official levels).
  • Good understanding of application protocols (HTTP, DNS, FTP, etc.) and networking protocols (TCP, UDP, ARP)
  • Experienced with integrating existing IT infrastructures into a SIEM/SOC solution from inception through to support
  • Understanding of various SOC standards and reporting requirements, e.g. GPG13
  • Experience implementing SOC reporting and governance
  • Experience with SOC automation and workflow products such as Archer GRC

Knowledge or experience of the following would be desirable:

  • Exposure to IT service management best practices such as ITIL
  • Experience of using and administering SIEM and log management tools such as ArcSight ESM, QRadar, ArcSight Logger, RSA enVision or LogLogic
  • Experience of using and administering security tools such as Sourcefire, Symantec Endpoint Protection, RSA Security Analytics and/or Trend Micro products.
  • Knowledge of software engineering, including programming and/or scripting (Python, shell scripting, PowerShell).
  • A solid understanding of information security practices relating to the Confidentiality, Integrity and Availability of information (the CIA triad).

Start date
ASAP
Duration
12 months +
(extension possible)
From
CBS Butler
Published at
16.05.2016
Project ID:
1129713
Contract type
Freelance