Security Incident Analyst

Job Title: Security Incident Analyst
Contract Type: Contract
Location: Berkshire, England
Salary: Negotiable
Start Date: ASAP
Duration: 6 Months
REF: AT - SIA_1530692900
Contact Name: Adam Thompson
Job Published: about 1 year ago

Job Description

Security Incident Analyst

Security Incident Analyst required for a 6 month assignment with a leading Mobile brand based in Berkshire.

We are looking for someone to play a pivotal role in helping to continue to develop and shape my client's operational security against a backdrop of significant change.

The successful candidate will be joining the Security team in the fastest growing UK mobile operator; an expanding team with a clear vision to deliver a safe experience.

The roles for the CERT would involve the following; some of the points are optional depending on business appetite:

  • Monitor a wide range of tooling to establish a baseline and take appropriate action on any deviation from it
  • Provide tactical level intelligence analysis of cyber threats and threat actors in support of cyber defence and network operations
  • Deliver recommendations and actions to improve the detection, escalation, containment and resolution of incidents
  • Develop centralised logging solutions
  • Enhance existing incident response methods, tools and processes
  • Perform real-time incident handling, including forensics collections and intrusion correlations and tracking
  • Collect, assess, and catalogue threat indicators
  • Maintain knowledge of the current security threat level by monitoring related Internet postings, intelligence reports, and related sources
  • Available for extended hours in the event of a major incident
  • Perform forensic investigations
  • Perform malware analysis and reverse engineering
  • Perform testing with open source penetration testing tools
  • Perform 'spot-checks' on systems by reviewing system / application logs

Key Responsibilities

Day to Day

  • Continuous monitoring of security tooling
  • Perform regular and ad-hoc Vulnerability Assessments
  • Reporting on vulnerabilities to the PVG via the alerts system
  • 'Spot checks' on logs on various systems
  • Building understanding of, and documenting, logging for systems
  • Developing centralised logging, reporting and intelligence platforms
  • Collect external intelligence information from wide-ranging sources, translated into an applicable format and disseminated accordingly
  • 'Light touch' penetration testing with open source tooling (e.g. Metasploit)
  • Reporting on security events and effectiveness of tooling
  • Working with Internal Communications where needed to notify employees of new risks
  • Defining and setting a Cyber Threat Level to be communicated to staff
  • Continuous improvement to processes and procedures

Incident Related Activities

  • Incidents would be reviewed alongside Incident Management to determine if the issue affects confidentiality or integrity of internal systems.

If the issue is defined as a Security Incident, the CERT resource would take command and:

  • Prioritise the incident according to a pre-defined security incident priority matrix
  • Make an assessment as to whether external stakeholders, such as external forensic investigators, need to be involved
  • Direct and co-ordinate all operations teams to contain and/or mitigate the issue
  • Ensure that if data needs collection it is completed in a forensically sound manner
  • Communicate with relevant stakeholders including Internal and Corporate Communications

Current Tooling

  • Lancope
  • Cisco ISE
  • Microsoft Security and Compliance Centre
  • Splunk
  • Arbor DDoS Protection
  • Akamai DDoS Protection
  • McAfee ePO
  • Cisco ACS
  • Microsoft ATA
  • Microsoft Information Rights Management

Required Knowledge and Experience

  • Experience performing security event and incident detection and handling in an operational environment such as SOC, CSIRT, CERT, etc.
  • Experience reviewing and analysing Security Events from various monitoring and logging sources
  • Knowledge of, and experience with, packet analysis
  • Experience in web site and web application security assessment or penetration testing
  • Previous experience working as a part of an IT Security team or in Incident Response
  • An active knowledge of current trends in computer security, software/hardware vulnerabilities
  • An active interest in current security research
  • Ability to work as part of a CERT Team which may require rotational weekday/weekend on-call coverage
  • Ability to work independently and with minimal supervision
  • Ability to understand and implement technical vulnerability corrections
  • Experience of malware analysis
  • Scripting knowledge using Bash, Python, Perl, Ruby
  • Knowledge of multiple operating systems including Windows, Linux, Solaris
  • Skills in Host and Network Forensics
  • Robust networking knowledge including TCP/IP, MPLS, OSPF, BGP

Project People is acting as an Employment Business in relation to this vacancy.