Location: Basingstoke
Department: Group IT
Reporting to: Chief Security and Information Officer
Job Objective
1. Acknowledge, analyse and validate incidents triggered by correlation, analysis and various tools.
2. Acknowledge, analyse and validate incidents received through other reporting mechanisms such as email, phone calls, management directions, etc.
3. Collect the logs needed for incident containment and security investigation.
4. Be able to make high quality decisions, often with incomplete information, and actively and reactively engage with customers.
5. Escalate validated and confirmed incidents to CISO.
6. Undertake first stages of false positive and false negative analysis.
7. Understand the structure and the meaning of logs from different log sources such as FW, IDS, Windows DC, appliances, AV and antimalware software, email security, etc.
8. Open incidents, recording for each incident all details of the logs, alarms and other indicators identified, together with the intervention protocol.
9. Track and update incidents.
10. Research and analyse security incidents and provide insight into how to detect and resolve them.
11. Report infrastructure issues to the infrastructure team.
12. Help develop platforms and tools to automate and improve security posture across the group.
13. Help improve and develop documentation.
Skills and Competencies Required
1. Knowledge and hands-on experience in management of IDS/IPS, Firewall, VPN, EDR/XDR, mail filtering and other security products.
2. Experience with Security Information and Event Management (SIEM) tools, creation of basic correlation rules, and SIEM administration preferred.
3. Should have expertise on TCP/IP network traffic and event log analysis.
4. Network troubleshooting skills.
5. Knowledge and hands-on experience in penetration testing/vulnerability scanning, security tools like Tenable Nessus, Kali Linux.
6. Knowledge of ITIL disciplines such as Incident, Problem and Change Management.
7. Experience of infrastructure design and management in mission critical environments preferred.
8. Understanding of Virtual Infrastructure and Windows environments preferred.
9. Effective communication, organizational, problem-solving and presentation skills.
10. Self-motivated and, over time and with support, able to work with minimal supervision.
11. Ability to build trusting, collaborative relationships with peers yet with a strong sense of accountability and ownership.
12. Knowledge of ISO27001, CE, CE+.
Key Tasks
1. Security assessments: Create and perform security assessments and threat models.
2. Security standards: Develop, implement & maintain security standards and plans.
3. Vulnerability Management: Research weaknesses and find ways to counter them.
4. Security incident response: Respond to attack vectors and security incidents, and coordinate incident response across teams.
5. Security software testing: Test company software, firmware, and firewalls.
6. Security software design: Design software security systems like intrusion detection systems and firewalls.
7. Security system maintenance: Maintain and proof network security systems.
8. Security system analysis: Analyse security systems and seek improvements on a continuous basis.