The successful candidate will be required to use their expert knowledge of SOC technologies to support, maintain, troubleshoot and tune the security devices, working in conjunction with other cyber security specialists as an integral part of a wider system implementation within the SOC.
You will be responsible for working with the Security Event Analysts to help tune the security tools for optimum performance. Ensuring that all specialist applications such as event correlation (and its associated remote data collection feeds), network discovery, network traffic pattern/flow analysis, mail content checking, extrusion detection and on-line computer forensics tools are installed, configured and operational.
This role will include configuration and administration of a range of cyber defence specialist tools, primarily focussed on Network Intrusion Protection (NIPS) and Full Packet Capture (FPC). Successful candidates may become involved in the investigation in to security events to establish if these are expected tool behaviours, events or a security threat.
- Provide engineering guidance to support all security devices within the SOC.
- Develop all systems and architecture of the SOC.
- Participate in the integration, build and deployment of client SOC services
- Ensure that relationships with clients’ Networking teams are built and sustained to deliver a seamless integrated service.
- Share knowledge with CIRT and SOC Analyst teams
- Document all procedures and process
- Be an ArcSight SIEM SME
- Deep understanding of ArcSight is essential
- Experience of maintaining a secure enterprise network through configuring and managing typical Security Enforcing Devices, such as Firewalls, Proxies, IDS/IPS devices, HIDS/EPO. Knowledge of Sourcefire/Snort.
- A sound knowledge of IT security procedures, common attack types and detection / prevention methods.
- Demonstrable experience of analysing and interpreting system, security and application logs in order to diagnose faults and spot abnormal behaviours
- In depth experience of other common devices, such as routers, switches, hubs.
- Good understanding of application protocols (HTTP, DNS, FTP, etc.) and networking protocols (TCP, UDP, ARP)
- Experienced with integrating existing IT infrastructures into the ArcSIght SIEM / SOC solution from inception through to support
- Understanding of various SOC standards and reporting requirements i.e. GPG13
- Experience implementing SOC reporting and governance
- Experience with SOC automation and workflow products such as Archer GRC