This is a role which will provide you with an excellent foundation in fast-paced Security Event Analysis at the forefront of global communication defence. The Security Event Analyst team is responsible for the day-to-day identification of security-related events during normal working hours, with some opportunity for additional shift work.
Retrieval and support in the analysis of Full Packet Captures (FPC)
Provision of in-depth analysis after ticket escalation
New threat analysis
Vulnerability Assessment scanning
Signature creation e.g. SNORT rules
Provision of On-the-Job Training (OJT) for the Level 1 event analysts, including tools familiarisation
Ad-hoc taskings from the Incident Management Section (IMS) in support of investigations
The role requires a high level of experience in at least one of the key cyber security areas below, along with working-level experience across a broad selection of other cyber security technologies.
Security event management and analysis, especially the configuration, operation, troubleshooting and management of ArcSight products
Management, use and analysis of events from Network-Based Intrusion Detection Systems (NIDS) and Host-Based Intrusion Detection Systems (HIDS)
Deployment, configuration and maintenance of network security appliances and networking devices and associated management software
Knowledge in the use of a variety of Security Event generating sources (e.g. Firewalls, IDS, Routers, Security Appliances)
Experience of computer forensics tools (stand-alone, online and network)
A professional SANS certification (e.g., GSEC, GCIA) or CISSP