Lead Security Analyst - SIEM (Tenable - Splunk - ELK - Alien Vault - Qradar) - SC Cleared

Recruiter
Nexere Consulting Ltd
Location
Manchester
Posted
28 Nov 2018
Closes
10 Dec 2018
Contract Type
Permanent
Hours
Full Time

Security Analyst - Tier 2 - SIEM (Tenable - Splunk - ELK - Alien Vault - Qradar) - SC Cleared

We are seeking a flexible Tier 2 SOC analyst to perform deep-dive incident analysis by correlating data from various sources. The successful applicant will be a team lead and happy to work shifts. As a Tier 2 SOC analyst they will have the capability to triage incidents, determine if a critical system or data set has been impacted and advise on remediation actions. The analyst will be responsible for coordinating the response for minor incidents and supporting the CSOC manager dealing with major incidents.

Areas of concentration include firewalls, intrusion detection/prevention, encryption, antivirus, incident response, and security event management.

ESSENTIAL skills:
1. Have a strong IT technical background and experience working in a SOC environment.
2. Has functional knowledge of understanding and configuring open source toolsets.
3. Has utilised toolsets for analysis such as but not limited to SIEMs (e.g. Splunk, ELK, Alien Vault, McAfee, IBM QRadar, etc.), IDS/IPS (e.g. network- and host-based), NAC, FIM, DLP, vulnerability management tools, network monitoring tools, Cyber Security Case management (e.g. SNow), etc.
4. Functional knowledge of TCP/IP protocol suite, LAN/WAN technologies, switching, routing, VoIP and Telephony technologies, firewalls and VPN, intrusion prevention systems (IPS), vulnerability assessment and patch management tools.
5. Functional knowledge of UNIX, Linux, Apple and Windows technologies.
6. Functional knowledge of operating protocol analysers and analysing output.
7. Functional experience performing monitoring, analysis and recovery procedures for security technologies.
8. Functional experience performing deep-dive incident analysis by correlating data from various sources.
9. Experience of using Security Information and Event Management (SIEM) platforms, and Case Management tools.
10. Knowledge of targeted cyber attack analysis and response, and coordinating incident response processes.

Responsibilities:

• Provide security monitoring for a growing environment; support incident responses and provide root cause analysis support for incidents.
• Provide Information Security Reporting and Metrics and provide input into improving information security reporting and metrics; identify/recommend improvements on internal investigation capabilities via tool building.
• Provide assistance in recovering from security breaches; participate in investigation and remediation of security incidents; establish configuration policies for security technologies.
• Review aggregated server logs, firewall logs, intrusion prevention logs, and network traffic for unusual or suspicious activity.
• Conduct research on emerging threats in support of security enhancement and development efforts; recommend security improvements, upgrades, and/or purchases.
• Working as part of a team, performing deep-dive incident analysis and determining if critical systems or data sets have been impacted.
• Coordinating the incident response of minor incidents by advising on remediation actions and escalating major incidents to the designated parties.
• Generating tailored reports of minor and major incidents.
