Description
Security Clearance Level Required: SC
Main Duties and Responsibilities:
Lead, supervise or directly manage a team of Digital Security Specialists; Lead on development of plans to safeguard computer files against accidental or unauthorised modification, destruction, or disclosure and to meet emergency data processing needs; Confer with users to discuss issues such as computer data access needs, security violations, and programming changes; Monitor current reports of computer viruses to determine when to update virus protection systems; Modify computer security files to incorporate new software, correct errors, or change individual access status; Coordinate implementation of computer system plan with establishment personnel and outside vendors; Train users and promote security awareness to ensure system security and to improve server and network efficiency.
MUST HAVE EXPERIENCE WITH ELK (ABSOLUTELY ESSENTIAL). Technical role - Looking at datasets, understand CSOC/Analyst.
Essential Experience:
ELK. Functional knowledge of configuring opensource toolsets (Splunk, Logstash, Redis, ElasticsSearch, and Kibana).
As a Security Analyst, your role on the team will include leveraging your knowledge of industry best practices, good judgment and problem solving skills to execute security operations. Areas of concentration include Firewalls, intrusion detection/prevention, encryption, antivirus, incident response, and security event management.
Technologies of specific interest (desirable but not essential) include: Familiarity with Wireless NAC, ELK, and RSA Envision In this position you will:
Provide security monitoring for a growing environment; support incident responses and provide root cause analysis support for incidents. Provide Information Security Reporting and Metrics and provide input into improving information security reporting and metrics; identify/recommend improvements on internal investigation capabilities via tool building. Provide assistance in recovering from security breaches; participates in investigation and remediation of security incidents; establish configuration policies for security technologies. Review aggregated server logs, Firewall logs, intrusion prevention logs, and network traffic for unusual or suspicious activity. Conduct research on emerging threats in support of security enhancement and development efforts; recommend security improvements, upgrades, and/or purchases. Create and maintain internal training materials and provide training to appropriate information systems staff; assist with propagating security awareness among employees. Working as part of a team, performing deep-dive incident analysis and determining if critical systems or data sets has been impacted. Coordinating the incident response of minor incidents by advising on remediation actions and escalating major incidents to the designated parties. Generating tailored reports of minor and major incidents. Recording lessons learnt and improving existing processes and procedures. Processing incident communications to include initial reporting, follow-ups, requests for information, and resolution activity. Providing support for new analytic methods for detecting threats. Continuously seeking to identify potential service and process improvements.
1. Have a strong IT technical background and experience working in a SOC environment.
2. Has functional knowledge of understanding and configuring open source toolsets. Examples are Splunk, Logstash, Redis, ElasticsSearch, and Kibana (ELK).
3. Has utilised toolsets for analysis such as but not limited to SIEMs (eg Splunk, ELK, LogRhythm, MacAfee, IBM QRadar, etc.), IDS/IPS (eg network- and host-based), NAC, FIM, DLP, vulnerability management tools, network monitoring tools, Cyber Security Case management (eg SNow), etc.
4. Functional knowledge of TCP/IP protocol suite, LAN/WAN technologies, switching, routing, VoIP and Telephony technologies, Firewalls and VPN, intrusion prevention systems (IPS), vulnerability assessment and patch management tools.
5. Functional knowledge of UNIX, Linux, Apple and Windows technologies.
6. Functional knowledge of operating protocol analysers and analysing output.
7. Functional experience performing monitoring, analysis and recovery procedures or security technologies.
8. Functional experience performing deep-dive incident analysis by correlating data from various sources.
9. Experience of using Security Information and Event Management (SIEM) platforms, and Case Management tools.
10. Knowledge of targeted cyber attack analysis and response, and coordinating incident response processes.
11. Active CISSP, SSCP, SANS certifications, Security or equivalents
12. Knowledge of building and consuming RESTful web services.
13. Knowledge of JASON, Query String Query, and Python (or similar).
Working in Southport or Salford
Please specify which location you want on your cover sheet