W1siziisimnvbxbpbgvkx3rozw1lx2fzc2v0cy9tb3jzb24vanbnl2jhbm5lci1kzwzhdwx0ltmuanbnil1d

Home

Search results / Cyber Security /

SOC Analyst

SOC Analyst

  • Location:

    Portsmouth, Hampshire

  • Job type:

    Contract

  • Sector:

    Cyber Security

  • Salary:

    Up to £376.85 per hour

  • Contact:

    Jonathan Tranter

  • Contact email:

    Jonathan.Tranter@morson.com

  • Job ref:

    176152JTR_1587740710

  • Published:

    about 1 month ago

  • Expiry date:

    2020-06-19

  • Start date:

    asap

SOC Analyst

Location: Portsmouth, Hampshire

Duration: 6 Months

Rate: £376.85 per day (PAYE)

IR35 Status: Inside IR35

Our Portsmouth based client require as SOC Analyst to join the team on an initial 6 month contract basis, with a responsibility to identify, notify and respond to security threats across a large and distributed IT estate - To carry out forensic analysis on internal IT systems and work with various resolver groups to ensure the timely mitigation of security incidents. To work on both Commercial and HMG environments to the policies set by the Information Assurance team.

Major Tasks and Activities

  • Analyse and investigate security events from various sources;
  • Manage security incidents through all phases of the incident response process through to closure;
  • Check system vulnerabilities and recommend remedial action to be taken by resolver groups;
  • Provide system security advice to system management, system staff and users;
  • Update tickets, write incident reports and document actions for false positive reduction;
  • Post incident review for 'lessons learned'. This includes updating tools, processes and plans for incident response and increasing the effectiveness of detection systems as well working with other resolver groups to ensure similar attacks won't succeed in the future;
  • Developing knowledge of attack types and fine tuning detective capabilities such as writing Snort/Sourcefire signatures;
  • Identifying log sources and examining system logs, which should record sufficient details about the normal activities of the system to allow a history of events to be reconstructed, making use of appropriate forensic techniques and technologies;
  • Undertake computer forensic investigations. Such as examining running processes, identify network connections on a host, examining log data, disk imaging and memory capture;
  • Using SIEM, Full Packet Capture, Intrusion Detection, Vulnerability Scanning and Malware analysis technologies for even detection and analysis.
  • Evolving the capability and value of the toolsets by defining and improving the reports, dashboards, alerts, signatures and Intelligence sources
  • Identify Intelligence source correlation opportunities to facilitate early detection of a security event or incident;
  • Maintain and support the operational integrity of SOC toolsets
  • Maintain an awareness of current threat trends, events and technology vulnerabilities
  • Monitor the back-up and recovery of relevant system security information;
  • Proactively pursue, validate and report any system security loopholes, infringements and vulnerabilities that may come to light, to the Security Operations Centre Manager in a timely manner;
  • Where requested initiate any security investigation into possible security breaches, which may involve HMG protectively marked information;
  • Participate in knowledge sharing and undertake incident response exercises;
  • Evaluate and implement intelligence regarding new threats and vulnerabilities and ensure detective controls are updated to detect new attacks;
  • Ensure the proper custody of magnetic media and other system documents
  • Maintain the above using the appropriate Change Management and Incident Response processes.

Key Outputs/Deliverables

  • Timely reporting of incidents to the Security Operations Centre Manager and Information Assurance team
  • Identify Security Breaches as soon as reasonably possible and take appropriate action
  • Up to date records and logs maintained
  • Improvements to detective controls
  • System security maintained

Person Specification

  • Experience as a Security Analyst
  • A proven track record of delivery in a multi-disciplined environment
  • Demonstrable experience of security related incidents and work requests
  • Familiarity with industry leading security products
  • Knowledge of SIEM toolsets
  • Knowledge of Full Packet Capture toolsets
  • Knowledge of Intrusion Detection Systems
  • Familiar with methods for ethical security hacking/penetration testing
  • Familiar with the tools and techniques used by hackers
  • Experience of working within a change control and incident management environment
  • Detailed internet, networking, and computer knowledge
  • Understanding of systems administration
  • Experienced intrusion detection and vulnerability analysis.
  • Experience with network analysis tools like network sniffers, TCPDUMP or Wireshark. Proven ability within network traffic analysis
  • Excellent written and oral communication skills

Desirable:

  • Experience of UK HMG information security processes and policies.
  • Experience with security testing tools, development of threat assessments and security testing methodologies would be advantageous.
  • Knowledge and experience of Computer Forensics
  • Be a successful mentor for junior analysts
  • Competent at writing SOC processes and procedures
  • Qualifications / accreditations by relevant organisations, eg GIAC, CREST, Certified Ethical Hacker

Technical & Specialist Knowledge

  • Operating systems and system administration skills in at least one of the following (Windows, Solaris, Linux) including good command line skills.
  • Excellent understanding of networking principles including TCP/IP, WAN's, LAN's, and commonly used Internet protocols such as SMTP, HTTP, FTP, POP, LDAP Security incident management and control
  • Understanding of the Domain Name System (DNS)
  • Detailed understanding of packet structure and packet header fields
  • Understanding of fragmentation
  • Ability to create custom Snort rulesKnowledge of IDS/IPS management and architecture issues
  • Understanding of NIDS evasion, insertion, and checksums
  • Understanding of Snort fundamentals including configuration, GUIs, sensor management, performance, active response and tagging
  • TCP Dump fundamentals and knowledge of writing filters
  • Wireshark fundamentals
  • Solid understanding of HEX

Desirable:

  • Working knowledge of at least four of the following:
    • Client server applications
    • Multi-tier web applications
    • Relational databases
    • Firewalls
    • Virtual private networks
    • Cryptography including PKI, SSL/TLS and IPSEC
    • Microsoft Exchange & Outlook
    • Enterprise anti-virus product sets
  • Forensic log monitoring
  • Knowledge of CESG product sets
  • Good understanding of Microsoft protocols

Security Criteria to be achieved:

  • MOD SC Clearance with suitable criteria and willingness for DV clearance if required
  • Other security clearances as contracts demand
    • g. Met Police security clearance

Interested? - Hit Apply

Save job