Cyber Security Engineer
The successful candidate will be required to use their knowledge of NIPS / FPC technologies and cyber security techniques to support and maintain these security technologies within the deployment of a complex cyber implementation. The role requires the ability to support, maintain, troubleshoot and tune the security devices, working in conjunction with other cyber security specialists as an integral part of a wider system implementation.
You will be responsible for working with the security event analysts and the tools specialists to help tune the security tools for optimum performance. Ensuring that all specialist applications such as event correlation (and its associated remote data collection feeds), network discovery, network traffic pattern/flow analysis, mail content checking, extrusion detection and on-line computer forensics tools are installed, configured and operational.
This role will include deep configuration and administration of a range of cyber defence specialist tools, primarily focussed on Network Intrusion Protection (NIPS) and Full Packet Capture (FPC). Successful candidates may become involved in the investigation in to security events to establish if these are expected tool behaviours, events or a security threat.
The additional responsibilities will include the following:
- Ensuring that all specialist applications such as event correlation (and its associated remote data collection feeds), network discovery, network traffic pattern/flow analysis, mail content checking, extrusion detection and on-line computer forensics tools are installed, configured and operational
- Maintain keen understanding of evolving Internet threats to ensure the security.
- Write technical articles for internal knowledge base
- Participate in knowledge sharing with other analysts and develop solutions efficiently
- Coordinate or participate in individual or team projects
A motivated, self-managed individual who is willing to help design and adapt a constantly evolving service. Someone who can demonstrate above average analytical skills and liaise professionally with peers and stakeholders, even under pressure.
- A sound knowledge of IT security best practice, common attack types and detection / prevention methods.
- Demonstrable experience of analysing and interpreting system, security and application logs in order to diagnose faults and spot abnormal behaviours
- Experience of maintaining a secure enterprise network through configuring and managing typical Security Enforcing Devices, such as Firewalls, Proxies, IDS/IPS devices, HIDS/EPO. Knowledge of Sourcefire/Snort.
- In depth experience of other common devices, such as routers, switches, hubs.
- Must be capable of communicating clearly with team members and other analysts. Able to demonstrate reading, writing and spoken English to level III as a minimum. (B1 of the Council of Europe/Association of Language Testers in Europe official levels)
- Good understanding of application protocols (HTTP, DNS, FTP, etc.) and networking protocols (TCP, UDP, ARP)
- Experienced with integrating existing IT infrastructures into a SIEM / SOC solution from inception through to support
- Understanding of various SOC standards and reporting requirements i.e. GPG13
- Experience implementing SOC reporting and governance
- Experience with SOC automation and workflow products such as Archer GRC
- Exposure to IT service management best practices such as ITIL
- Experience of using and administering SIEM and Log Management tools such as ArcSight ESM, Q1 Radar, ArcSight Logger, RSA EnVision or LogLogic
- Experience of using and administering security tools such as Sourcefire, Symantec Endpoint Protection, RSA Security Analytics and/or TrendMicro products.
- Knowledge of software engineering including programming and/or scripting knowledge. Python, shell scripting, PowerShell.
- A solid understanding of Information Security Practices; relating to the Confidentiality, Integrity and Availability of information (CIA triad.)
- Ability to manage workload for themselves and the team in pressurised environments to Time, Quality and Standards
- Ability to undertake International Assignment
- Aptitude to learn new skills
Candidates must hold valid UK Security Clearance or be able to attain the level of Clearance specified.
To apply please send a CV and covering letter outlining your suitability, salary requirements and availability.
In line with Asylum & Immigration Legislation, all applicants must be eligible to live and work in the EU. Documented evidence of eligibility will be required from candidates as part of the recruitment process. Furthermore, in view of the nature of the work, all potential employees will undergo stringent reference and identity checks.
CND Limited is acting as an Employment Agency in relation to this vacancy.