Location: Basingstoke
Department: Group IT
Reporting to: Chief Security and Information Officer
Job Objective
* Acknowledge, analyse and validate incidents triggered by event correlation, analysis and various tools
* Acknowledge, analyse and validate incidents received through other reporting mechanisms such as email, phone calls, management directions, etc.
* Collect the logs needed to support incident containment and security investigation
* Be able to make high quality decisions, often with incomplete information, and actively and reactively engage with customers
* Escalate validated and confirmed incidents to CISO
* Undertake first stages of false positive and false negative analysis
* Understand the structure and the meaning of logs from different log sources such as FW, IDS, Windows DC, appliances, AV and antimalware software, email security etc.
* Open incidents, recording for each one all details of the logs, alarms and other indicators identified, together with the intervention protocol.
* Track and update incidents
* Research and analyse security incidents and provide insight into how to detect and resolve them
* Report infrastructure issues to the infrastructure team.
* Help develop platforms and tools to automate and improve security posture across the group
* Help improve and develop documentation.
Skills and Competencies Required
* Knowledge and hands-on experience in management of IDS/IPS, Firewall, VPN, EDR/XDR, mail filtering and other security products
* Experience in Security Information and Event Management (SIEM) tools, creation of basic correlation rules, and administration of SIEM preferred
* Should have expertise on TCP/IP network traffic and event log analysis
* Network Troubleshooting skills required.
* Knowledge and hands-on experience in penetration testing/vulnerability scanning and security tools such as Tenable Nessus and Kali Linux
* Knowledge of ITIL disciplines such as Incident, Problem and Change Management
* Experience of infrastructure design and management in mission critical environments preferred.
* Understanding of virtual infrastructure and Windows environments preferred
* Effective communication, organizational, problem-solving and presentation skills
* Self-motivated and, over time and with support, able to work with minimal supervision.
* Ability to build trusting, collaborative relationships with peers yet with a strong sense of accountability and ownership.
* Knowledge of ISO27001, CE, CE+
Key Tasks
* Security assessments: Create and perform security assessments and threat models
* Security standards: Develop, implement and maintain security standards and plans
* Vulnerability management: Research weaknesses and find ways to counter them
* Security incident response: Respond to attack vectors and security incidents, and coordinate incident response across teams
* Security software testing: Test company software, firmware, and firewalls
* Security software design: Design software security systems such as intrusion detection systems and firewalls
* Security system maintenance: Maintain and proof network security systems
* Security system analysis: Analyse security systems and seek improvements on a continuous basis