The successful candidate will be required to use their knowledge of NIPS / FPC
technologies and cyber security techniques to support and maintain these
security technologies within the deployment of a complex cyber implementation.
The role requires the ability to support, maintain, troubleshoot and tune the
security devices, working in conjunction with other cyber security specialists
as an integral part of a wider system implementation.
You will be responsible for working with the security event analysts and the
tools specialists to help tune the security tools for optimum performance.
This role will include deep configuration and administration of a range of cyber defence specialist tools, primarily focussed on Network Intrusion Protection (NIPS) and Full Packet Capture (FPC).
Additional responsibilities will include the following:
- Ensuring that all specialist applications such as event correlation (and its associated remote data collection feeds), network discovery, network traffic pattern/flow analysis, mail content checking, extrusion detection and on-line computer forensics tools are installed, configured and operational.
- Maintain a keen understanding of evolving Internet threats to ensure the security.
- Write technical articles for the internal knowledge base.
- Participate in knowledge sharing with other analysts and develop solutions efficiently.
- Coordinate or participate in individual or team projects.
- Motivated, self-managed individual who is willing to help design and adapt a constantly evolving service. Someone who can demonstrate above-average analytical skills and liaise professionally with peers and stakeholders, even under pressure.
- Sound knowledge of IT security best practice, common attack types and detection / prevention methods.
- Demonstrable experience of analysing and interpreting system, security and application logs in order to diagnose faults and spot abnormal behaviours.
- Experience of maintaining a secure enterprise network through configuring and managing typical Security Enforcing Devices, such as Firewalls, Proxies, IDS/IPS devices, HIDS/EPO. Knowledge of Sourcefire/Snort.
- In-depth experience of other common devices, such as routers, switches, hubs.
- Must be capable of communicating clearly with team members and other analysts.
- Able to demonstrate reading, writing and spoken English to level III as a minimum (B1 of the Council of Europe/Association of Language Testers in Europe official levels).
- Good understanding of application protocols (HTTP, DNS, FTP, etc.) and networking protocols (TCP, UDP,
- Experienced with integrating existing IT infrastructures into a SIEM / SOC solution from inception through to support.
- Understanding of various SOC standards and reporting requirements, e.g. GPG13.
- Experience implementing SOC reporting.
- Experience with SOC automation and workflow products such as Archer GRC.
- Exposure to IT service management best practices such as ITIL.
- Experience of using and administering SIEM and Log Management tools such as ArcSight ESM, QRadar, ArcSight Logger, RSA EnVision or LogLogic.
- Experience of using and administering security tools such as Sourcefire, Symantec Endpoint Protection, RSA Security Analytics and/or TrendMicro products.
- Knowledge of software engineering including programming and/or scripting knowledge. Python, shell scripting,
- A solid understanding of Information Security Practices relating to the Confidentiality, Integrity and Availability of information (CIA triad).
- Ability to manage workload for themselves and the team in pressurised environments to Time, Quality and
- Ability to undertake International
- Aptitude to learn new skills.