Incident (Security) Analyst
Location: Home-based
Job Number: 40842
Posted: 24th May 2021, 1:46 pm
Job Status: Live
Job Type: Full time
Duration: 3 Months
Pay Type: PAYE
Pay Rate: To be confirmed on enquiry
Payment Method: Daily
Contact: Surita Dadral
Contact details: 0203 356 4949, admin@121.uk.com
Job Description
The public sector client is looking to recruit an Incident Analyst (Security) to work on a short test contract that is due to complete at the end of August 2021. The successful candidate will be able to start the assignment almost immediately. The successful analyst will have a valid SC clearance. Please note: this assignment sits inside IR35.
This role supports the TTCE Protective Monitoring Service (TTCE PM). The service provides a Security Operations Centre (SOC) capability for the client's programme. This is a business-crucial capability to ensure that the client – the organisation and the wider system – is protected from cyber threats.
Essential Skills & Experience
Essential:
• Experience working in a technical cyber security role within a SOC or Incident Response team
• Experience in security content generation for common security tooling
• Ability to investigate, troubleshoot, resolve and prevent the recurrence of incidents that interfere with the normal delivery of IT services
• Analytical approach and strong problem-solving ability
• Basic knowledge of ITIL concepts and incident management
• Good written and verbal communication skills – able to present technical information to different types of stakeholders.
Desirable:
• Cloud technology experience (AWS and Azure, especially with a security focus)
• Splunk Enterprise Security experience and associated certifications
• Familiarity with common cyber security frameworks (MITRE ATT&CK, Cyber Kill Chain)
• Experience of incident response engagements, whether on-prem or in cloud environments.
• Familiarity with the Atlassian productivity suite (Jira, Confluence)
Key Tasks & Deliverables
Your tasks will include:
• Protective Monitoring – working with the SOC’s toolset to provide triage and analysis of notable cyber security events which are generated from customer environments, gathering technical information and helping to give context to alerts as they occur. Documenting findings and escalating to the Incident process where required.
• Incident Handling – Carrying out the creation and handling of incidents for customers according to established service agreements. Ensuring incidents are prioritised according to agreed frameworks, escalating where appropriate and managing these through to a satisfactory resolution.
• Major Incident Management – Participating in major incidents, either as lead or an involved party to ensure efficient resolution of major incidents and delivering appropriate communications and ticket management as per major incident processes. Participating in any resulting incident review or lessons learned sessions.
• Threat Hunting – Using available tools, logs, direct system access, etc., carry out proactive work for the SOC’s customers to find cyber security issues based on an initial hypothesis, helping to identify security problems and improve the security posture of TTCE PM’s customers.
• Contributing to Knowledge Base – Actively contribute to the ongoing development of the shared TTCE PM knowledge base, documenting and improving SOC processes.
• Content Development – playing an active role in the SOC’s Use Case Factory process, using a threat-led approach to improve and develop the content which drives the team’s Protective Monitoring function. This could be through identifying and designing new content, conversion of threat hunts, tuning existing content or other improvements.
Qualifications, Training & Certificates
Essential:
• Extensive knowledge of common security tools and their usage (particularly SIEM)
• Strong knowledge of Information Security & Cyber Security (Security+, CPIA/CPSA, SSCP/CISSP, GCIH)