OpNet Security Engineer - Incident Vulnerability

Our client, a large government customer, are seeking an OpNet Security Engineer – Incident Vulnerability to join their team. The role is based in Corsham with travel to other sites. The role requires SC clearance with the willingness to obtain DV clearance.

Requirements are scheduled to run until 30/09/23 and offer a rate up to £525/day

IR35 STATUS: Inside IR35. Our client has indicated that they intend to operate the engagement as Inside IR35. Candidates would be required to operate through an umbrella company on this engagement. The rates above represent rate payable to the umbrella co.

DEADLINE FOR SUBMISSIONS: 23/09/2022 at 15:00

Overview

The DPS SOC Security Engineer (Incident & Vulnerability) is responsible for delivering DCO outcomes across the OpNET platform. The SOC Security Engineer (Incident & Vulnerability) is critical for the deployed environment, ensuring that operational security processes are enacted at every level. The Security Manager (Incident & vulnerability) reports to the Operational Security Manager and is responsible for the People, Processes and Technology (P2T) that delivers the PROTECT, DETECT and RESPOND controls within the NIST Cyber Security Framework.

Main Responsibilities

• The day-to-day maintenance of the SOC PROTECT, DETECT and RESPOND tool sets.
• Support to the development, implementation and configuration of new or revised SOC tooling.
• Optimisation and automation across tooling to fully support the PROTECT, DETECT and RESPOND functions.
• Full tooling visibility, and independent assurance, that all assets are visible and managed within the OpNET DCO security wrap.
• Responsible for vulnerability scanning tooling, planning, and contribution to wider SOC strategy.
• Responsible for integration of standard and non-standard logs in SIEM.
• Optimising threat detection products for data loss prevention (DLP), security information and event management (SIEM), advanced email protection, endpoint detection and response (EDR), antivirus and intrusion prevention/detection systems.
• Ensuring Vulnerability identification (including IOCs), assessment, quantification, reporting, Ensuring incident identification, assessment, quantification, reporting, communication, mitigation and monitoring.
• Reviews and response to request for changes to SOC tooling, logging and monitoring.
• Writing detection signatures, tune systems / tools, develop automation scripts and correlation rules.
• Maintaining knowledge of adversary tactics, techniques, and procedures (TTPs).
• Conducting forensic analysis on systems and engaging third-party resources as required.
• Ensuring incident identification, assessment, quantification, reporting, communication, mitigation and monitoring.
• Ensuring compliance to SLAs and KPIs, process adherence and process improvisation to achieve operational objectives.
• Ensuring compliance to policy, process, and procedure adherence and process improvisation to achieve operational objectives.
• Revising and developing processes to strengthen the PROTECT, DETECT and RESPOND delivery.
• Initiation of corrective action where required.
• Ensuring daily management, administration & maintenance of security devices to achieve operational effectiveness.
• Creation of reports, dashboards, metrics for SOC operations and presentation to OpNET CISO and Security Working Group (SWG).
• Co-ordination with stakeholders (both internally within DPS and externally with the CyISOCs), build and maintain positive working relationships with them, and ensure outputs are aligned.

Required (minimum):

• Hold current SC clearance and willing to DV.
• Strong hands-on experience in the implementation, maintenance and configuration of a variety of SIEM and SOAR platforms (including SPLUNK, ELK, Elastic, Security Onion v2).
• Experience in forensics, malware analysis, threat intelligence.
• Exposure and hands on experience of a variety of SIEM and SOAR platforms (including. Nessus, Greenbone, Nipper, BMC Discovery, McAfee EPO, Tanium, Tripwire and Whats Up Gold).
• Ability to understand, modify and create threat detection rules within SIEM.
• Ability to correlate data from multiple data sources to create a more accurate picture of cyberthreats and vulnerabilities, managing and engineering dashboards.
• Knowledge and experience with the Windows and Linux operating systems.
• Experience using Python, Perl, PowerShell, BASH or an equivalent language.
• Experience with network forensics and associated toolsets and analysis techniques.
• Ability to reverse engineer malware and then creating IOCs and rules for the SIEM.
• Understanding of log collection and aggregation techniques, Elasticsearch, Logstash, Kibana (ELK), syslog-NG, Windows Event Forwarding (WEF), etc.
• Able to tune correlation rules and outcomes via SIEM and SOAR platforms.
• Strong background in Analysis of attacker Tactics, Techniques and Procedures (TTPs) and Indicators of Compromise (IoCs).
• Understanding of intrusion detection systems, web application firewalls, and IP reputation systems.
• Technical understanding of current cybersecurity threats and trends.
• MITRE ATT&CK adversarial framework.
• ITILv3/v4 Foundation.

Desirable qualifications:

• CompTIA A+.
• CompTIA Security+.
• CompTIA CySA+.
• CompTIA PenTest+.
• MCSE.
• SANS 504 - Incident Handling.
• SANS 511 - Continuous Monitoring.

Candidate Eligibility

Candidates must be eligible to work in the UK, this role will not offer Visa sponsorship. Tier 2 – General visas cannot be accepted.

Other Job Postings

Visit https://quast.workable.com for all current Quast recruitment job vacancies.