
Security Analyst (SOC Consultant)

Techniche are working with a Global Engineering & Technology organisation who are involved in cyber defence, physical defence & critical asset projects.

Holding a valid and existing SC Security Clearance is essential to start this assignment.

We are seeking a Security Analyst to take the role of Security Operations Centre Analyst for a long-term contract assignment. This role will also involve travel throughout the UK and flexibility with out-of-hours availability.

Location: Home Based during Covid19 (at least the next 3-6 months)

Start Date: ASAP (remote interviews phone/skype, remote IT setup)

Rate: £450-500 per day (outside of IR35)

Experience Required:

  • Experience as a Security Analyst 
  • A proven track record of delivery in a multi-disciplined environment
  • Demonstrable experience of security related incidents and work requests
  • Familiarity with industry leading security products
  • Knowledge of SIEM toolsets
  • Knowledge of Full Packet Capture toolsets
  • Knowledge of Intrusion Detection Systems
  • Familiar with methods for ethical security hacking/penetration testing
  • Familiar with the tools and techniques used by hackers
  • Experience of working within a change control and incident management environment
  • Detailed internet, networking, and computer knowledge
  • Understanding of systems administration
  • Experience of intrusion detection and vulnerability analysis
  • Experience with network analysis tools such as network sniffers, tcpdump or Wireshark, and a proven ability in network traffic analysis
  • Excellent written and oral communication skills


Technical Knowledge

  • Operating systems and system administration skills in at least one of the following (Windows, Solaris, Linux) including good command line skills.
  • Excellent understanding of networking principles including TCP/IP, WANs, LANs, and commonly used Internet protocols such as SMTP, HTTP, FTP, POP and LDAP
  • Security incident management and control
  • Understanding of the Domain Name System (DNS)
  • Detailed understanding of packet structure and packet header fields
  • Understanding of fragmentation
  • Ability to create custom Snort rules
  • Knowledge of IDS/IPS management and architecture issues
  • Understanding of NIDS evasion, insertion, and checksums
  • Understanding of Snort fundamentals including configuration, GUIs, sensor management, performance, active response and tagging
  • tcpdump fundamentals and knowledge of writing capture filters
  • Wireshark fundamentals
  • Solid understanding of hexadecimal notation (for reading raw packet and file contents)


The Role:

To work within the Security Operations Centre (SOC) as an Analyst with responsibility for identifying, notifying and responding to security threats across a large and distributed IT estate. To carry out forensic analysis on IT systems and work with various resolver groups to ensure the timely mitigation of security incidents. To work on both Commercial and HM Government environments.

Responsibilities:

  • Analyse and investigate security events from various sources;
  • Manage security incidents through all phases of the incident response process through to closure;
  • Check system vulnerabilities and recommend remedial action to be taken by resolver groups;
  • Provide system security advice to system management, system staff and users;
  • Update tickets, write incident reports and document actions for false positive reduction;
  • Post incident review for ‘lessons learned’. This includes updating tools, processes and plans for incident response and increasing the effectiveness of detection systems as well working with other resolver groups to ensure similar attacks won’t succeed in the future;
  • Developing knowledge of attack types and fine tuning detective capabilities such as writing Snort/Sourcefire signatures;
  • Identifying log sources and examining system logs, which should record sufficient details about the normal activities of the system to allow a history of events to be reconstructed, making use of appropriate forensic techniques and technologies;
  • Undertake computer forensic investigations, such as examining running processes, identifying network connections on a host, examining log data, disk imaging and memory capture;
  • Use SIEM, Full Packet Capture, Intrusion Detection, Vulnerability Scanning and Malware Analysis technologies for event detection and analysis;
  • Evolving the capability and value of the toolsets by defining and improving the reports, dashboards, alerts, signatures and Intelligence sources
  • Identify Intelligence source correlation opportunities to facilitate early detection of a security event or incident;
  • Maintain and support the operational integrity of SOC toolsets
  • Maintain an awareness of current threat trends, events and technology vulnerabilities
  • Monitor the back-up and recovery of relevant system security information;
  • Proactively pursue, validate and report any system security loopholes, infringements and vulnerabilities that may come to light, to the Security Operations Centre Manager in a timely manner;
  • Where requested initiate any security investigation into possible security breaches, which may involve HMG protectively marked information;
  • Participate in knowledge sharing and undertake incident response exercises;
  • Evaluate and implement intelligence regarding new threats and vulnerabilities and ensure detective controls are updated to detect new attacks;    
  • Ensure the proper custody of magnetic media and other system documents