Full-Time Information Security Analyst (2016)
The Information Security team works in a 24×7 environment, providing support for the Security Operations Analyst and acting as the primary escalation point. The Information Security Analyst will also be required to participate in Incident Management Bridges and be able to coordinate with internal and external teams to rapidly resolve incidents. Team members should have comprehensive knowledge and understanding of security threats, vulnerabilities and exploits.
The role is to provide analysis of information from a myriad of events generated by Application, Networking and Security tools globally, to pass that information to designated escalation points and advise on remediation where appropriate. Candidates need to have a good understanding of Operating System Technologies and/or network technologies. A knowledge of security fundamentals is essential along with an overall appreciation of Security technologies and how they are used.
The main responsibilities of a Security Analyst are as follows:
- Monitor the Security Management consoles
- Analyse real-time and archived alert, intrusion, vulnerability and audit data
- Investigate and document security incidents, ruling out false positives
- Correctly triage incidents
- Recommend further course of action to designated Security Manager and/or resolver groups, following a security incident
- Appropriately prioritise and escalate incidents to next level (as outlined in Global Incident Management Policy) when required
- Act as initial Security representative on Incident Management Bridges
- Produce security summary and activity reports as required
- Contribute to project and/or development activities as designated by the SOC Manager
- Ensure security tools are running correctly
- Provide assistance to other SecOps team members
- Identify, research and report on network traffic for the purposes of security device tuning (Security Event Management, IPS, AV, etc.)
Tier 2 / 3 specific additional responsibilities
- Identify major or common attacks and reconnaissance techniques that are identifiable in the payload of suspicious network traffic
- Identify areas where tuning and parameter adjustment of security tool solutions are required (e.g. filtering of an event, writing correlation rules)
- Identify requirements for additional data collection in order to execute investigations into security incidents
- Create and update procedures and self-help articles, including the SOC Neo community spaces.
- Maintain a shift handover blog.
- Monitor security news groups.
- Any other duties as designated by the SOC Manager or their authorised deputies.
- Applicants should be able to take information from multiple sources to identify incidents/events, and articulate and/or document the information in a clear and concise manner.
- They should be calm and able to continue to provide a good service when under pressure
- A clear understanding of Server and Desktop Operating Systems (OS). The ability to interpret OS log data would be beneficial.
- A clear understanding of basic network protocols. The ability to analyse and interpret network traffic is essential.
- 4+ years in technology
- 3+ years in security
- Solid understanding of Network and Host-based security principles.
- Solid understanding of Linux and Windows.
- Knowledge of security technologies including: firewall, IDS/IPS/HIDS, AV, SIEM, vulnerability scanning.
- Understanding of incident response methodologies and technologies.
- Good understanding of Industry trends and emerging threats.
- In depth knowledge of Malware and protection capabilities
- An ability to build strong relationships with internal teams, and senior leadership, is essential.
- Must have concise, detail-oriented approach to written/verbal communications and documentation.
- Ability to handle fluctuating workloads, conflicting priorities and concurrent activities.
Formal education or equivalent experience (note: this is the minimum requirement. Equivalent experience in lieu of a formal degree should be listed.)
- Bachelor’s degree or appropriate combination of education and experience.
- One of, or a combination of: CEH / ECSA / Security+ / GCIA / GCIH / GSEC or other similar qualification (other qualifications, such as MCSE or RHCE, are helpful).
- ITIL V3 Foundations highly preferred.
- Above all, must have a passion for Security.
How to Apply
Please click on the link to apply - http://pearsonlankavacancies.peopleshr.com/