SIEM / Incident SME / Cyber Defence Analyst

SIEM / Incident SME / Cyber Defence Analyst

Posted 2 weeks ago by Trust in SODA

£550 Per day
Undetermined
Onsite
Bristol

Job description








SIEM / Incident SME / Cyber Defence Analyst - DV CLEARANCE

Start Date: ASAP - We can accommodate a reasonable notice period

Contract Length: 6 -12 months + Extension

Location: Hybrid, Several locations available. Corsham, Portsmouth & Northallerton.

Pay: 500 - 550 per day inside the IR35. This rate can be quite flexible. Please apply and share your rate if it doesn't fall within this bracket.

I am working with a leading global consultancy that is looking for a SIEM / Incident SME that holds active DV Clearance to lead a project in their security operations center.

Ideally, we are looking for someone who would be able to start this project as soon as possible, however, we can accommodate a reasonable notice period.

Role Description:

You will join a growing security team responsible for designing, delivering and maintaining operational cybersecurity capabilities. Conducting pro-active, risk-based, protective monitoring on priority C4IS/networks to identify internal and external cyber-threats/attacks. This position involves a broad range of skills, including the development and mentoring of junior analysts, monitoring networks to actively remediate unauthorised activities.

Your role

  • Develop and integrate security event monitoring and incident management services.
  • Respond to security incidents as they occur as part of an incident response team.
  • Implement metrics and dashboards to give visibility of the Enterprise infrastructure.
  • Use of the SOAR platform to assist with playbook automation and case management capabilities to streamline team processes and tools.
  • Produce documentation to ensure the repeatability and standardisation of security operating procedures.
  • Develop additional investigative methods using the SOC's software toolsets to enhance recognition opportunities for specific analysis.
  • Maintain a baseline of system security according to latest threat intelligence and evolving trends.
  • Participate in root cause analysis of incidents in conjunction with engineers across the enterprise.
  • Provide Subject Matter Expertise (SME) on a broad range of information security standards and best practices.
  • Offer strategic and tactical security guidance including valuation requirement of technical controls.
  • Be part of the CRM process
  • Liaise with the SOC engineers to maintain up-to-date dashboards of security alerts, to allow the organisation to better respond to an incident.
  • Document, validate and create operational processes and procedures to help develop the SOC.
  • Assist in identifying, prioritising, and coordinating the protection of critical cyber defence infrastructure and key resources.
  • Build, install, configure, and test dedicated cyber defence hardware.
  • Support Junior Analysts to manage SOC systems.

Your profile

  • Previous experience of Enterprise ICS/network architectures and technologies
  • Experience and knowledge of SIEM solutions; having the ability to identify use cases and their creation, their deployment and tuning.
  • Experience as a mentor/coach to junior analysts
  • Previous experience of utilising the MITRE ATT&CK and Cyber Kill Chain frameworks
  • Skilled in maintaining Microsoft directory services.
  • Skilled in using virtualisation software.
  • Knowledge of key security frameworks (e.g. ISO, NIST 800-53, 800-171, 800-172, C2M2)
  • Excellent communication skills
  • Experience of writing Defence/Government documentation

Desirable Qualifications:

  • Broad Spectrum Cyber Course (SANS SEC401 or SEC501 or equivalent)
  • SIEM Design, Architecture and Analyst Course (SANS SEC455 or SEC555 or equivalent)
  • Bonus - Advanced Analyst Course (SANS SEC503 or equivalent)

If this looks like you, please get back to me with your updated CV !