Security Incident Analyst
Security Incident Analyst required for a 6-month assignment with a leading mobile brand based in Berkshire.
We are looking for someone to play a pivotal role in helping to continue to develop and shape my client's operational security against a backdrop of significant change.
The successful candidate will be joining the Security team in the fastest-growing UK mobile operator; an expanding team with a clear vision to deliver a safe experience.
The roles for the CERT would involve the following; some of the points are optional depending on business appetite:
- Monitor a wide range of tooling to establish a baseline and take appropriate action on any deviation from it
- Provide tactical level intelligence analysis of cyber threats and threat actors in support of cyber defence and network operations
- Deliver recommendations and actions to improve the detection, escalation, containment and resolution of incidents
- Develop centralised logging solutions
- Enhance existing incident response methods, tools and processes
- Perform real-time incident handling, including forensics collections and intrusion correlations and tracking
- Collect, assess, and catalogue threat indicators
- Maintain knowledge of the current security threat level by monitoring related Internet postings, intelligence reports, and related sources
- Available for extended hours in the event of a major incident
- Perform forensic investigations
- Perform malware analysis and reverse engineering
- Perform testing with open source penetration testing tools
- Perform 'spot-checks' on systems by reviewing system / application logs
Day to Day
- Continuous monitoring of security tooling
- Perform regular and ad-hoc Vulnerability Assessments.
- Reporting on vulnerabilities to the PVG via the alerts system.
- 'Spot checks' on logs on various systems.
- Building understanding and documenting logging for systems.
- Developing centralised logging, reporting and intelligence platforms
- Collect external intelligence from wide-ranging sources, translate it into an applicable format and disseminate it accordingly
- 'Light touch' penetration testing with open source tooling (e.g. Metasploit)
- Reporting on security events and effectiveness of tooling
- Working with Internal Communications where needed to notify employees of new risks
- Defining and setting a Cyber Threat Level to be communicated to staff
- Continuous improvement to processes and procedures
Incident Related Activities
- Incidents would be reviewed alongside Incident Management to determine if the issue affects confidentiality or integrity of internal systems.
If the issue is defined as a Security Incident, the CERT resource would take command and:
- Prioritise the incident according to a pre-defined security incident priority matrix
- Make an assessment as to whether external stakeholders, like external forensic investigators need to be involved
- Direct and co-ordinate all operations teams to contain and/or mitigate the issue
- Ensure that if data needs collection it is completed in a forensically sound manner
- Communicate with relevant stakeholders including Internal and Corporate Communications
Tooling
- Cisco ISE
- Microsoft Security and Compliance Centre
- Arbor DDoS Protection
- Akamai DDoS Protection
- MS SCCM
- McAfee ePO
- Cisco ACS
- Microsoft ATA
- Microsoft Information Rights Management
Required Knowledge and Experience
- Experience performing security event and incident detection and handling in an operational environment such as SOC, CSIRT, CERT, etc.
- Experience reviewing and analysing Security Events from various monitoring and logging sources
- Knowledge of, and experience with packet analysis
- Experience in web site and web application security assessment or penetration testing
- Previous experience working as a part of an IT Security team or in Incident Response
- An active knowledge of current trends in computer security, software/hardware vulnerabilities
- An active interest in current security research
- Ability to work as part of a CERT Team which may require rotational weekday/weekend on-call coverage
- Ability to work independently and with minimal supervision
- Ability to understand and implement technical vulnerability corrections
- Experience of malware analysis
- Scripting knowledge using Bash, Python, Perl, Ruby
- Knowledge of multiple operating systems including Windows, Linux, Solaris
- Skills in Host and Network Forensics
- Robust networking knowledge including TCP/IP, MPLS, OSPF, BGP
Project People is acting as an Employment Business in relation to this vacancy.