Role: Security Analyst / Technical Specialist
Contracting Authority: HOME OFFICE|Digital Data and Technology
Contract Length: 12 months
Location: Soapworks, Colgate Lane, Salford, M5 3EB
Salary: £450 max per day
Security Clearance: Active SC reqired
Minimum Requirement: SC & experience leading a small team. This role will be managing 4 people (Delegating work and tracking progress etc.)
CV Deadline: Wed 6th 1pm
Interview Process: face to face
We are seeking a flexible, Cyber Security technical specialist to perform deep-dive incident analysis by correlating data from various sources. The successful applicant will be a team lead and happy to work shifts. As a Tier 2 SOC analyst they will have the capability to triage incidents, determine if a critical system or data set has been impacted and advise on remediation actions. The analyst will be responsible for coordinating the response for minor incidents and supporting the CSOC manager dealing with major incidents. This has been agreed by Emma Dickson. We are losing a considerable amount of experience due to a CCL Tier 2 terminating his arrangement within the next 3 months. A permanent civil servant Tier 2 Analyst has also discussed handing in his resignation and will be leaving around the same time. The experience that these contractors will bring to the department will be cascading down to the existing team members for knowledge transfer and succession planning. Lunar House, Croydon 4th Floor, 2 Marsham Street, London
As a Security Analyst, your role on the team will include leveraging your knowledge of industry best practices, good judgment and problem-solving skills to execute security operations.
Areas of concentration include firewalls, intrusion detection/prevention, encryption, antivirus, incident response, and security event management.
In this position you will:
• Provide security monitoring for a growing environment; support incident responses and provide root cause analysis support for incidents.
• Provide Information Security Reporting and Metrics and provide input into improving information security reporting and metrics; identify/recommend improvements on internal investigation capabilities via tool building.
• Provide assistance in recovering from security breaches; participates in investigation and remediation of security incidents; establish configuration policies for security technologies.
• Review aggregated server logs, firewall logs, intrusion prevention logs, and network traffic for unusual or suspicious activity.
• Conduct research on emerging threats in support of security enhancement and development efforts; recommend security improvements, upgrades, and/or purchases.
• Create and maintain internal training materials and provide training to appropriate information systems staff; assist with propagating security awareness among employees.
• Working as part of a team, performing deep-dive incident analysis and determining if critical systems or data sets has been impacted.
• Coordinating the incident response of minor incidents by advising on remediation actions and escalating major incidents to the designated parties.
• Generating tailored reports of minor and major incidents.
• Recording lessons learnt and improving existing processes and procedures.
• Processing incident communications to include initial reporting, follow-ups, requests for information, and resolution activity.
• Providing support for new analytic methods for detecting threats.
• Continuously seeking to identify potential service and process improvements
1. Have a strong IT technical background and experience working in a SOC environment.
2. Has functional knowledge of understanding and configuring open source toolsets.
3. Has utilised toolsets for analysis such as but not limited to SIEMs (e.g. Splunk, ELK, Alien Vault, MacAfee, IBM QRadar, etc.), IDS/IPS (e.g. network- and host-based), NAC, FIM, DLP, vulnerability management tools, network monitoring tools, Cyber Security Case management (eg SNow), etc.
4. Functional knowledge of TCP/IP protocol suite, LAN/WAN technologies, switching, routing, VoIP and Telephony technologies, firewalls and VPN, intrusion prevention systems (IPS), vulnerability assessment and patch management tools.
5. Functional knowledge of UNIX, Linux, Apple and Windows technologies.
6. Functional knowledge of operating protocol analysers and analysing output.
7. Functional experience performing monitoring, analysis and recovery procedures or security technologies.
8. Functional experience performing deep-dive incident analysis by correlating data from various sources.
9. Experience of using Security Information and Event Management (SIEM) platforms, and Case Management tools.
10. Knowledge of targeted cyber attack analysis and response, and coordinating incident response processes.
• Active CISSP, SSCP, SANS certifications, Security or equivalents.
• Willingness to undertake security clearance initially to SC
QUALIFICATIONS and EXPERIENCE required
1. Have a strong IT technical background and experience working in a SOC environment