Description
Role: SOC Analyst
Location: Belfast, Ireland
Duration: 6 months extendable
Hours of Work
Weekend shift - Sat/Sun/Mon
Role Description
As a result of planned growth, an additional position has been identified. The Security Operations Centre (SOC) Level 2 Analyst is responsible for utilizing multiple security technologies, including the ArcSight Security Information and Event Management (SIEM) tool, custom tools, and enterprise security appliances to detect, analyze, and respond to IT security incidents.
The analyst will contribute to security functional areas beyond monitoring, including mentoring Level 1 analysts, custom development, advanced analysis, assisting with new operational processes or redesigning operational processes for incident handling. The SOC provides 24x7 operational support on a shift schedule.
Responsibilities include (but are not limited to):
- Monitor multiple security technologies, such as IDS/IPS, syslog, file integrity, vulnerability scanners, anti-virus, and web proxies.
- Serve as an escalation point for possible security events detected by Level 1 analysts.
- Develop custom tools such as scripts or leverage existing tools in new ways.
- Specify new data correlations and analyze events using the ArcSight Security Information and Event Management (SIEM) tool.
- Contribute new or redesigned operational process and procedures for incident handling.
- Contribute new analysis techniques.
- Identify unforeseen gaps in security visibility coverage or threat exposure.
- Learn new technologies and skills like penetration testing, incident handling, security engineering & architecture, forensics, malware reverse engineering, etc in support of the enterprise security infrastructure.
Successful candidates will benefit from:
- Shift allowance
- 24x7 car parking in Belfast City Centre
- Condensed working hours - working week over four days with three days off
- Working in a state of the art Enterprise Command Center environment, experiencing best of breed technologies
Essential Criteria
- Have a minimum of 3 years Information Security related experience in areas such as: Security Operations, Incident Analysis, Incident Handling, Vulnerability Management or Testing, Log Analysis, Intrusion Detection, or Firewall Administration and must be knowledgeable and have had working experience with the majority of:
- Have a minimum of 2 years' experience of one of the following: Network operations or engineering; System administration on Unix, Linux or Windows and must be able to demonstrate:
- Strong TCP/IP, networking fundamentals, and security foundational knowledge and working experience
- Working experience of Windows operating system tasks, such as installations, services, sharing, navigation, etc.
- Detailed understanding of common application layer protocols, such as HTTP, SSL, FTP and DNS.
- Any leading SIEM technologies like ArcSight, RSA Envision, Log Logic.
- Common security device functions, such as IDS/IPS, network and host-based Firewalls, DLP (Data Leakage Protection), etc.
- Possible attack activities, such as scans, man in the middle, sniffing, DoS, DDoS, etc and possible abnormal activities, such as worms, trojans, viruses, etc.
- IDS signatures, such as Snort rules
- SIEM terminology, such as threat, vulnerability, risk, asset, exposure, safeguards, etc.
- Common network device functions, such as Routers, Switches, hubs, etc.
- Event Analysis, Incident Detection and escalation to Level 3 or SOC Manager; and
Desirable Criteria -
- Protocol Analysis experience with tools like Wireshark, Opnet, Gigiastor
- Security Certification (Including but not limited to):
- Certified Incident Handler (GCIH)
- Certified Intrusion Analyst (GIAC)
- Certified Information Systems Security Professional (CISSP)
- Systems Security Certified Practitioner (SSCP)
- Certified Ethical hacker (CEH)
- Certified Expert Penetration Tester (CEPT)
- Cisco Certified Network Associate (CCNA)