Security Analyst (Incident)

Our client, a large government customer, are seeking a Security Analyst (Incident) to join their team. The role is based in Corsham with travel to other sites. The role requires DV clearance.

Requirements are scheduled to run until 30/09/2023 and offer a rate up to £525/day

IR35 STATUS: Inside IR35. Our client has indicated that they intend to operate the engagement as Inside IR35. Candidates would be required to operate through an umbrella company on this engagement. The rates above represent rate payable to the umbrella co.

DEADLINE FOR SUBMISSIONS: 23/09/2022 at 15:00

Overview

The Security Analyst (Incident) is responsible for delivering outcomes across the OpNET platform. The Security Analyst (Incident) is critical for the deployed environment, ensuring that operational security processes are enacted at every level.

The Security Analyst (Incident) reports to the Security Manager (Incident) and is responsible for:

• Detecting and responding to malicious behaviour across all platform components including workstations, servers, and network devices.
• Optimising threat detection products for data loss prevention (DLP), security information and event management (SIEM), advanced email protection, endpoint detection and response (EDR), antivirus and intrusion prevention/detection systems.
• Reviewing and responding to escalated security events.
• Proactively hunting threats within the OpNET environment.
• Writing detection signatures, tune systems / tools, develop automation scripts and correlation rules.
• Maintaining knowledge of adversary tactics, techniques, and procedures (TTPs).
• Conducting forensic analysis on systems and engaging third-party resources as required.
• Ensuring incident identification, assessment, quantification, reporting, communication, mitigation, and monitoring.
• Ensuring compliance to SLAs and KPIs, process adherence and process improvisation to achieve operational objectives.
• Ensuring compliance to policy, process, and procedure adherence and process improvisation to achieve operational objectives.
• Revising and developing processes to strengthen the DETECT and RESPOND delivery.
• Initiation of corrective action where required.
• Ensuring daily management, administration & maintenance of security devices to achieve operational effectiveness.
• Creation of reports, dashboards, metrics for SOC operations and presentation to OpNET CISO and Security Working Group (SWG).
• Co-ordination with stakeholders (both internally within DPS and externally with the CyISOCs), build and maintain positive working relationships with them, and ensure outputs are aligned.
• Routine governance and compliance audits, and accreditation activities.

Minimum Requirements

• Hold current DV clearance.
• Strong hands-on experience of a variety of SIEM and SOAR platforms (including SPLUNK, ELK, Elastic, Security Onion v2).
• Hands-on experience on a variety of scanning tools when required to investigate from tools specifically (tools including. Nessus, Greenbone, Nipper, BMC Discovery, McAfee ePO, Tanium, Tripwire and Whats Up Gold).
• Experience in forensics, malware analysis, threat intelligence.
• Ability to understand, modify and create threat detection rules within a SIEM.
• Ability to correlate data from multiple data sources to create a more accurate picture of cyberthreats and vulnerabilities.

Desirable Qualifications

• CompTIA A+.
• CompTIA Security+.
• CompTIA CySA+.
• CompTIA PenTest+.
• MCSE.
• SANS 504 - Incident Handling.
• SANS 503 – Intrusion Analyst.
• SANS 511 – Continuous Monitoring.

Candidate Eligibility

Candidates must be eligible to work in the UK, this role will not offer Visa sponsorship. Tier 2 – General visas cannot be accepted.

Other Job Postings

Visit https://quast.workable.com for all current Quast recruitment job vacancies.