Secure Business Computing Solutions.
This role is for a Cyber Security Operations Analyst experienced in working within a Cloud First organisation. You will work closely with the Security Operations Manager to act as the conduit between Internal and external stakeholders responsible for protecting the organisations digital assets.
The analyst will have experience working with Service Providers within a commercial or public sector environment. The successful candidate will be a member of the Internal Cyber Security function working alongside internal and external stakeholders to help define and deliver a good protective monitoring standard by identifying and implementing key metrics for event monitoring, alerting and incident response.
The analyst will have a good understanding off SOC analysis tools used to monitor the infrastructure and applications for exploitable vulnerabilities and weaknesses. You will work closely with internal and external stakeholders to help identify, develop, and implement, robust incident response processes and procedures to remediate any threats and incidents.
The Cyber Security Operations Analyst will be able to work unsupervised and maintain a good level of knowledge with evolving threats and vulnerabilities acting as the intermediary between external security monitoring providers and internal systems engineers.
- Develop exiting capabilities using OSINT and external threat Intelligence sources where applicable and integrate with current and or future SOC platform.
- Develop and test Incident Response procedures for different security breach scenarios.
- Prepare Incident reports including your findings, the status/progress of the investigation and the risk factors involved.
- Experience working within Security Operations Center and Cloud focused environments.
- Experience with SIEM tools e.g. Splunk, AlienVault, ELK
- Advanced networking knowledge
- Good experience in Microsoft Cloud technologies and solutions
- Ability to deal with 3rd parties and relay technical information
- Excellent communication skills to a senior level
- Experience performing triage and remediating security incidents
- Good knowledge of system vulnerability and exploitation, intrusion detection, access controls and authorization, firewall, encryption, protocols, and threat protection.
- Good knowledge of Cyber Security frameworks such as the Mitre [email protected] and the Cyber Kill Chain
- Strong analytical and problem-solving skills, with the ability to manage multiple tasks.
- Good knowledge of Information Security technologies; NIDS/IPS, HIDS, WAF, Firewalls, content filtering, Vulnerability Management, Incident response.
- Experience with Security Information and Event Management (SIEM) and vulnerability management platforms.
- Experience with Unix/Linux operating systems, working with network and server monitoring as well as SaaS, IaaS, and PaaS services (Microsoft Azure, Microsoft 365)
- Strong verbal and written communication skills.
- Good knowledge and practical use of OWASP Top 10
- Knowledge of the Common Vulnerabilities and Exposures system https://cve.mitre.org
- Ability to remain calm under pressure.
- Good Knowledge of Information Security Standards such as ISO 27001 and Cyber Essentials/Cyber Essentials Plus
- Acting as the technical interface between internal and external support providers
- Prioritising events and incidents which may lead to a breach of systems or loss of data.
- Providing input into Incident response activities (IR Playbooks, Root Cause Analysis, Lessons Learned)
- Identifying post-exploitation attacker activity
- Maintaining good understanding of alerts and attack patterns that can help to effectively prioritise alerts.
- Perform high-quality, bias-free alert analysis and investigation.
- How to identify the most high-risk alerts, and quick ways to verify them.
- Defining log collection sources within the environment for ingestion with the SIEM
- Tune threat detection analytics to eliminate false positives.
To apply for this job please visit www.cybersecurityjobsite.com.