Description
Content Author
Our Defence client based in Hereford are recruiting for a Content/Technical Author. The role requires DV level Security Clearance.
Role Description: Uses data collected from a variety of Cyber defence toolsets that are injected into the DCC-Medium to analyse events that occur within the ICS/network environment for the purposes of mitigating threats.
Tasks:
- Develop content/use cases for Security Information and Event Management (SIEM) solutions and provide SME assistance in the construction of signatures/rule correlations to be implemented on DCC-M in response to new or observed threats within the network/enterprise
- Use the DCC-M for continual monitoring and analysis of on-boarded ICS/networks to identify malicious activities
- Progress the ability to write custom lists, queries and rules within the CyISOC
- Coordinate and conduct event collection, log management, event management, compliance automation and identify monitoring activities
- Assist CyISOC engineer team in identifying how logs should be parsed
- Mentor and support the existing Level 1 Analysts to triage alerts independently and support their role development within the CyISOC
- Produce CyISOC supporting documentation detailing governance, procedures and processes for Level 1 and 2 Analysts and linking to the engineering documentation
- Develop innovative and cutting-edge detection content; utilising the MITRE ATT&CK and Cyber Kill Chain frameworks and liaison with the CyISOC TI to assist MAB in understanding their adversaries TTP's, prioritise and test their defence in order to mature their Security Posture
- Analyse ICS/network alerts received by the DCC-M and determine possible causes of such alerts
- Analyse identified malicious activity to determine ICS/network weaknesses being exploited, the exploitation methods and effects on the system and information
- Characterise and analyse network traffic in-depth to identify anomalous activity and potential threats to ICS/networks
- Provide timely detection, identification and alerting of possible attacks/intrusions, anomalous activities and misuse activities and distinguish these incidents and events from benign activities
- Coordinate with MAB CyISOC staff to validate network alerts
- Document and escalate incidents that may cause ongoing and immediate impact to the environment
- Perform cyber defence trend analysis and reporting
- Work with ambition to support MAB with the maturation of the CyISOC, demonstrating a desire to broaden your own skills and knowledge in-turn imparting this knowledge on.
Skills/Experience:
- Previous experience of Enterprise ICS/network architectures and technologies
- Experience and knowledge of SIEM solutions; having the ability to identify use cases and their creation, their deployment and tuning.
- Experience as a mentor/coach to Junior Analysts
- Experience of writing automated test scripts or feature verification tests.
- Broad IT and Network Security Experience and its application within a SOC environment and Best Practices
- Previous experience of utilising the MITRE ATT&CK and Cyber Kill Chain frameworks
- Skilled in performing packet-level analysis to identify potential malicious activities
- Knowledge of key security frameworks eg ISO, NIST
- Excellent communication skills
- Experience of writing Defence/Government documentation
Desirable Qualifications:
- Broad Spectrum Cyber Course (SANS SEC401 or SEC501 or equivalent)
- SIEM Design, Architecture and Analyst Course (SANS SEC455 or SEC555 or equivalent)
- Advanced Analyst Course (SANS SEC503 or equivalent)
Vetting: Minimum DV