- Location: London, London
- Rate: Up to 400.00
- Start Date: 05/08/2019
- Duration: 52 weeks
Security Operations Analyst – 12 months – £400 per day – London – SC Cleared
Your key responsibilities:
1. Responsible for analysing and investigating security-related logs against security threats and defined IoCs.
2. Conduct threat hunting activities to identify security threats and IoCs, and recommend an action plan to minimise the impact of the threat.
3. Ensure timely, accurate and tailored remediation and countermeasure communications to internal and external teams regarding intrusions and compromises of on-boarded host and network infrastructure, applications and operating systems.
4. Assist on-boarded entities' CSIRTs with the implementation of countermeasures or mitigating controls.
5. Make recommendations to improve operational effectiveness and efficiency within GSOC Operations.
6. Monitor and analyse advanced threat events, Security Incident and Event Management (SIEM) and User Behaviour Analytics (UBA) toolsets and event logs to identify indicators of compromise, attacks and threats for remediation and/or suppression.
7. Assist in Computer Security Incident Response activities; work with various lines of security analysts (internal and external) to identify malicious threats.
8. Where necessary, ensure incidents are appropriately generated and prioritised in line with defined criteria, and dispatch incidents to the relevant on-boarded entities or local CSIRTs.
9. Recognise potential, successful and unsuccessful intrusion attempts and compromises through reviews and analyses of relevant event detail and summary information.
10. Develop and write reports that analyse threats and IoCs, with impact and recommended actions.
1. 5+ years' experience in a security operations, security analytics and threat hunting role.
2. 4+ years' experience in investigative or incident response environments.
3. Excellent knowledge of computer networking and IT security.
4. Excellent knowledge of common operating systems (e.g. Windows, Linux and Unix).
5. Good knowledge of log and data analytics solutions such as Splunk, Exabeam, ELK or similar.
6. Good oral and written communication in English (Arabic an advantage).
7. Excellent knowledge of security solutions and technologies, including: Linux; network architecture, implementation and configuration experience, with knowledge of packet flow and TCP/UDP traffic; firewall technologies; proxy technologies; EDR; spam and spyware solutions (gateway and SaaS); malware/security experience.
8. Strong host and network troubleshooting skills.
9. Demonstrated ability to make decisions on remediation and countermeasures for challenging information security threats.
10. Monitoring and collecting information on security incidents from large organisations.
1. Decision making and risk management.
2. Customer orientation, teamwork and leadership.
3. Problem solving and process excellence.
4. Results orientation and execution excellence.
5. Professional development – keep up to date with information security news, techniques and trends.
Qualification and Certification:
* SANS Hacker Tools, Techniques, Exploits, and Incident Handling – GCIH
* SANS Intrusion Detection in Depth – GCIA
* Good level of understanding and experience with programming or scripting languages (C/C++, Java, Python, Go, etc.) – (Desired)
* CISM or CISSP – (Desired)
If you are interested in this opportunity, please apply now with your updated CV in Word or PDF format.
Notwithstanding any guidelines given to level of experience sought, we will consider candidates from outside this range if they can demonstrate the necessary competencies.
Square One is acting as both an employment agency and an employment business, and is an equal opportunities recruitment business. Square One embraces diversity and will treat everyone equally. Please see our website for our full diversity statement.