SOC Analyst / SIEM Analyst / Security Analyst - SC / DV Clearable

I am currently seeking additional SOC Analysts / SIEM Analysts to work in a growing and flexible SOC environment, covering both government and commercial environments.

You will directly contribute to technology choices, their implementation and setup, designing the solution, developing the relationship with suppliers, demonstrating the capability operationally and communicating it to the wider IT environment.

Some of your responsibilities will include (but are not limited to):
- Analyse and investigate security events from various sources;
- Manage security incidents through all phases of the incident response process through to closure;
- Use SIEM, Full Packet Capture, Intrusion Detection, Vulnerability Scanning and Malware analysis technologies for event detection and analysis;
- Update tickets, write incident reports and document actions for false positive reduction;
- Develop knowledge of attack types and fine tune detective capabilities, such as writing Snort/Sourcefire signatures;
- Identify log sources and examine system logs, which should record sufficient detail about the normal activities of the system to allow a history of events to be reconstructed, making use of appropriate forensic techniques and technologies;
- Undertake computer forensic investigations, such as examining running processes, identifying network connections on a host, examining log data, disk imaging and memory capture;
- Maintain and support the operational integrity of SOC toolsets;
- Proactively pursue, validate and report any system security loopholes, infringements and vulnerabilities that may come to light to the Security Operations Centre Manager in a timely manner.

Qualifications and Experience:
- Operating systems and system administration skills in at least one of the following (Windows, Solaris, Linux), including good command line skills
- Understanding of the Domain Name System (DNS)
- Detailed understanding of packet structure and packet header fields
- Ability to create custom Snort rules
- Knowledge of IDS/IPS management and architecture issues
- Understanding of NIDS evasion, insertion, and checksums
- Understanding of Snort fundamentals, including configuration, GUIs, sensor management, performance, active response and tagging
- tcpdump fundamentals and knowledge of writing filters
- Wireshark fundamentals
- Demonstrable experience of security related incidents and work requests
- Knowledge of SIEM toolsets
- Knowledge of Full Packet Capture toolsets
- Knowledge of Intrusion Detection Systems
- Familiarity with methods for ethical security hacking/penetration testing
- Familiarity with the tools and techniques used by hackers
- Experience of working within a change control and incident management environment
- Detailed internet, networking, and computer knowledge
- Experience of intrusion detection and vulnerability analysis
- Experience with network analysis tools such as network sniffers, tcpdump or Wireshark; proven ability in network traffic analysis
- Excellent written and oral communication skills
