Back to search
On site Stevenage
Inside IR35
Due to timescale of the project the ideal candidate will hold Active Security Clearance
24/7 Desk 12 hour shifts days 7am-7pm days or 7pm-7am nights
The Candidate
- Experience with LogRhythm/ Splunk, Darktrace (Threat Visualizer) and FireEye (EX, NX, HX, CMS) is required.
- Demonstrable understanding of the OSI Reference Model and the network communication protocols, including but not limited to DNS, HTTP/S, SSL, SMTP, FTP/S, LDAP/S.
- Knowledge or experience with any of the following is a plus: Observe IT, Symantec MessageLabs, IronPort, Splunk Phantom and Recorded Future.
- Experience or demonstrable knowledge in Incident response, log analysis and PCAP analysis
- Good level of understanding in the approach threat actors take to attacking a network; phishing, port scanning, web application attacks, DDoS, lateral movement.
- Knowledge in Windows and/or Linux operating systems, how to investigate them for signs of compromise.
- Ability to demonstrate the right approach to investigating alerts and/or indicators and document your findings in a manner that both peer and executive level colleagues can understand.
- Ability to track complex remedial activities from multiple sources and provide updates to the customer in a user centric way.
- Ability to clearly articulate cyber security risks against business outcomes and provide advice on the remedial actions that should be undertaken.
- Used to managing and collaborating with multiple team members and reporting progress to stakeholders.
- Experience in managing security incidents on behalf of stakeholders.
- Experience within Defensive Cyber-attack methodologies and frameworks.
- Foundational level of scripting knowledge is desirable.
- 3+ years' experience working within Security Operations Centres (SOCs) or as a security analyst to resolve security incidents across a range of tools as listed above.
- Excellent verbal and written communications
