SIEM / Incident SME
CONTRACTOR MUST HOLD DV CLEARANCERole Title: SIEM / Incident SMELocation: Hybrid onsite in one of the following locations 2/3 days per week - Corsham, Portsmouth or NorthallertonDuration: 6 MonthsRole Description:Main Tech Skills required are ELK (Elastic, Logstash, Kibana) and TaniumThe Cyber role is to join a growing security team responsible for designing, delivering and maintaining operational cybersecurity capabilities. Conducting pro-active, risk-based, protective monitoring on priority C4IS/networks to identify internal and external cyber-threats/attacks. This position involves a broad range of skills, including the development and mentoring of junior analysts, monitoring networks to actively remediate unauthorised activities.Your role:* Develop and integrate security event monitoring and incident management services.* Respond to security incidents as they occur as part of an incident response team.* Implement metrics and dashboards to give visibility of the Enterprise infrastructure.* Use of the SOAR platform to assist with playbook automation and case management capabilities to streamline team processes and tools.* Produce documentation to ensure the repeatability and standardisation of security operating procedures.* Develop additional investigative methods using the SOC's software toolsets to enhance recognition opportunities for specific analysis.* Maintain a baseline of system security according to latest threat intelligence and evolving trends.* Participate in root cause analysis of incidents in conjunction with engineers across the enterprise.* Provide Subject Matter Expertise (SME) on a broad range of information security standards and best practices.* Offer strategic and tactical security guidance including valuation requirement of technical controls.* Be part of the CRM process* Liaise with the SOC engineers to maintain up-to-date dashboards of security alerts, to allow the organisation to better respond to an incident.* Document, validate and create operational processes and procedures to help develop the SOC.* Assist in identifying, prioritising, and coordinating the protection of critical cyber defence infrastructure and key resources.* Build, install, configure, and test dedicated cyber defence hardware.* Support Junior Analysts to manage SOC systems.* Previous experience of Enterprise ICS/network architectures and technologies* Experience and knowledge of SIEM solutions; having the ability to identify use cases and their creation, their deployment and tuning.* Experience as a mentor/coach to junior analystsYour profile:* Previous experience of utilising the MITRE ATT&CK and Cyber Kill Chain frameworks* Skilled in maintaining Microsoft directory services.* Skilled in using virtualisation software.* Knowledge of key security frameworks (e.g. ISO, NIST 800-53, 800-171, 800-172, C2M2)* Excellent communication skills* Experience of writing Defence/Government documentation
Desirable Qualifications:* Broad Spectrum Cyber Course (SANS SEC401 or SEC501 or equivalent)* SIEM Design, Architecture and Analyst Course (SANS SEC455 or SEC555 or equivalent)* Advanced Analyst Course (SANS SEC503 or equivalent)
If this role is of interest to you, and you hold an active DV clearance - please apply now!
Carbon60, Lorien & SRG - The Impellam Group STEM Portfolio are acting as an Employment Business in relation to this vacancy.