Security Operations Centre Analyst

Vacancy ID: 1032023
Created Date: 20.05.2020
Job Title: Security Operations Centre Analyst
Salary Available on Request
Temp or Perm: Contract Role
Region: South West
Sector: Defence
Consultant: Emma Lamb
Consultant Phone: 01942 323277

Job Description:
NRL are currently recruiting for an experienced SOC Analyst with responsibility for identifying, notifying and responding to security threats across a large and distributed IT estate. The role carries out forensic analysis on the client's IT systems and works with various resolver groups to ensure the timely mitigation of security incidents, operating in both Commercial and HMG environments to the policies set by the Information Assurance team. This is an initial 3-6 month contract at Lakeside, Portsmouth.

About the Role:

  • Analyse and investigate security events from various sources;
  • Manage security incidents through all phases of the incident response process through to closure;
  • Check system vulnerabilities and recommend remedial action to be taken by resolver groups;
  • Provide system security advice to system management, system staff and users;
  • Update tickets, write incident reports and document actions for false positive reduction;
  • Post incident review for ‘lessons learned’. This includes updating tools, processes and plans for incident response and increasing the effectiveness of detection systems, as well as working with other resolver groups to ensure similar attacks won’t succeed in the future;
  • Develop knowledge of attack types and fine-tune detective capabilities, such as writing Snort/Sourcefire signatures;
  • Identify log sources and examine system logs, which should record sufficient detail about the normal activities of the system to allow a history of events to be reconstructed, making use of appropriate forensic techniques and technologies;
  • Undertake computer forensic investigations, such as examining running processes, identifying network connections on a host, examining log data, disk imaging and memory capture;
  • Use SIEM, Full Packet Capture, Intrusion Detection, Vulnerability Scanning and Malware analysis technologies for event detection and analysis;
  • Evolve the capability and value of the toolsets by defining and improving the reports, dashboards, alerts, signatures and Intelligence sources;
  • Identify Intelligence source correlation opportunities to facilitate early detection of a security event or incident;
  • Maintain and support the operational integrity of SOC toolsets
  • Maintain an awareness of current threat trends, events and technology vulnerabilities
  • Monitor the back-up and recovery of relevant system security information;
  • Proactively pursue, validate and report any system security loopholes, infringements and vulnerabilities that may come to light, to the Security Operations Centre Manager in a timely manner;
  • Where requested initiate any security investigation into possible security breaches, which may involve HMG protectively marked information;
  • Participate in knowledge sharing and undertake incident response exercises;
  • Evaluate and implement intelligence regarding new threats and vulnerabilities and ensure detective controls are updated to detect new attacks;
  • Ensure the proper custody of magnetic media and other system documents
  • Maintain the above using the appropriate Babcock Change Management and Incident Response processes.

Qualifications and Experience:
Must have:
  • Experience as a Security Analyst
  • A proven track record of delivery in a multi-disciplined environment
  • Demonstrable experience of security related incidents and work requests
  • Familiarity with industry leading security products
  • Knowledge of SIEM toolsets
  • Knowledge of Full Packet Capture toolsets
  • Knowledge of Intrusion Detection Systems
  • Familiar with methods for ethical security hacking/penetration testing
  • Familiar with the tools and techniques used by hackers
  • Experience of working within a change control and incident management environment
  • Detailed internet, networking, and computer knowledge
  • Understanding of systems administration
  • Experience of intrusion detection and vulnerability analysis
  • Experience with network analysis tools like network sniffers, TCPDUMP or Wireshark. Proven ability within network traffic analysis
  • Excellent written and oral communication skills
  • Experience of UK HMG information security processes and policies.
  • Experience with security testing tools, development of threat assessments and security testing methodologies would be advantageous
  • Knowledge and experience of Computer Forensics
  • Be a successful mentor for junior analysts
  • Competent at writing SOC processes and procedures
  • Qualifications / accreditations by relevant organisations, e.g. GIAC, CREST, Certified Ethical Hacker

Technical & Specialist Knowledge
Must have:
  • Operating systems and system administration skills in at least one of the following (Windows, Solaris, Linux) including good command line skills.
  • Excellent understanding of networking principles including TCP/IP, WANs, LANs, and commonly used Internet protocols such as SMTP, HTTP, FTP, POP and LDAP
  • Security incident management and control
  • Understanding of the Domain Name System (DNS)
  • Detailed understanding of packet structure and packet header fields
  • Understanding of fragmentation
  • Ability to create custom Snort rules
  • Knowledge of IDS/IPS management and architecture issues
  • Understanding of NIDS evasion, insertion, and checksums
  • Understanding of Snort fundamentals including configuration, GUIs, sensor management, performance, active response and tagging
  • tcpdump fundamentals and knowledge of writing filters
  • Wireshark fundamentals
  • Solid understanding of hexadecimal
  • Working knowledge of at least four of the following:
    • Client server applications
    • Multi-tier web applications
    • Relational databases
    • Firewalls
    • Virtual private networks
    • Cryptography including PKI, SSL/TLS and IPsec
    • Microsoft Exchange & Outlook
    • Enterprise anti-virus product sets
  • Forensic log monitoring
  • Knowledge of CESG product sets
  • Good understanding of Microsoft protocols

Security Criteria to be achieved:
  • MOD SC Clearance with suitable criteria and willingness for DV clearance if required
  • Other security clearances as contracts demand
    • E.g. Met Police security clearance
  • Ability to travel between sites will be required.
  • You will also be required to participate in a standby and callout rota to ensure 24 hour, 7 day a week service delivery to the business.
