Information Security Analyst (2016)

Pearson Lanka (Pvt) Ltd
https://www.dreamjobs.lk/jobs/information-security-analyst-2016
<p><span>Information Security Analyst </span></p> <p><span><strong>Background:</strong></span></p> <p>The Security Operations Centre delivers multiple Managed Security Services, both leveraged and dedicated, to a large number of accounts.</p> <p><span><strong>Role Description:</strong></span></p> <p>The role is to provide analysis of information from a myriad of events generated by Application, Networking and Security tools globally, to pass that information to designated escalation points and advise on remediation where appropriate. Candidates need to have a good understanding of Operating System Technologies and/or network technologies. A knowledge of security fundamentals is essential along with an overall appreciation of Security technologies and how they are used.</p> <p><span><strong>Main Responsibilities:</strong></span></p> <p>The main responsibilities of a Security Analyst are as follows:</p> <ul> <li>Monitor the Security Management consoles</li> <li>Analyse real-time and archived alert, intrusion, vulnerability and audit data</li> <li>Investigate and document security incidents, ruling out false positives</li> <li>Correctly triage incidents</li> <li>Recommend further course of action to designated Security Manager and/or resolver groups, following a security incident</li> <li>Appropriately prioritise and escalate incidents to next level (as outlined in Global Incident Management Policy) when required</li> <li>Act as initial Security representative on Incident Management Bridges</li> <li>Produce security summary and activity reports as required</li> <li>Contribute to project and/or development activities as designated by the SOC Manager</li> <li>Ensure security tools are running correctly</li> <li>Provide assistance to other SecOps team members</li> <li>Identify, research and report on network traffic for the purposes of security device tuning (Security Event Management, IPS, AV, etc.)</li> </ul> <p><span>Tier 2 / 3 specific additional 
responsibilities</span></p> <ul> <li>Identify major or common attacks and reconnaissance techniques that are identifiable in the payload of suspicious network traffic</li> <li>Identify areas where tuning and parameter adjustment of security tool solutions are required (i.e. filtering of an event, writing correlation rules)</li> <li>Identify requirements for additional data collection in order to execute investigations into security incidents</li> <li>Create and update procedures and self-help articles, including the SOC Neo community spaces.</li> <li>Maintain a shift handover blog.</li> <li>Monitor security news groups.</li> <li>Any other duties as designated by the SOC Manager or their authorised deputies.</li> </ul> <p><span><strong>Key Attributes:</strong></span></p> <ul> <li>Applicants should be able to take information from multiple sources to identify incidents/events, and articulate and/or document the information in a clear and concise manner.</li> <li>They should be calm and able to continue to provide a good service when under pressure.</li> </ul> <p><span><strong>Competencies:</strong></span></p> <ul> <li>A clear understanding of Server and Desktop Operating Systems (OS). The ability to interpret OS log data would be beneficial.</li> <li>A clear understanding of basic network protocols. 
The ability to analyse and interpret network traffic is essential.</li> <li>4+ years in technology</li> <li>3+ years in security</li> <li>Solid understanding of Network and Host-based security principles.</li> <li>Solid understanding of Linux and Windows.</li> <li>Knowledge of security technologies including: firewall, IDS/IPS/HIDS, AV, SIEM, vulnerability scanning.</li> <li>Understanding of incident response methodologies and technologies.</li> <li>Good understanding of Industry trends and emerging threats.</li> <li>In-depth knowledge of Malware and protection capabilities</li> </ul> <p><span><strong>Abilities:</strong></span></p> <ul> <li>An ability to build strong relationships with internal teams, and senior leadership, is essential.</li> <li>Must have a concise, detail-oriented approach to written/verbal communications and documentation.</li> <li>Ability to handle fluctuating workloads, conflicting priorities and concurrent activities.</li> </ul> <p><span><strong>Qualifications: </strong></span></p> <p>Formal education or equivalent experience (note: this is the minimum requirement. Equivalent experience in lieu of a formal degree should be listed.)</p> <ul> <li>Bachelor’s degree or appropriate combination of education and experience.</li> <li>One or a combination of: CEH / ECSA / Security+ / GCIA / GCIH / GSEC or other similar qualification. (Other qualifications, such as MCSE or RHCE, are helpful.)</li> <li>ITIL V3 Foundations highly preferred.</li> <li>Above all, must have a passion for Security.</li> </ul> <p>Please click on the link to apply - http://pearsonlankavacancies.peopleshr.com/</p>