Secure Business Computing Solutions are based in Folkestone and are looking for a Cyber Security Analyst. Although the job description below is for an experienced person, they are looking to train a graduate in this role.
To discuss further and apply send your CV to Barbara Burns, Office Manager at SBC Solutions, email: firstname.lastname@example.org
Job Title: Cyber Security Analyst
Who will they report into? Adrian Burns – Managing Director
This exciting role is for a growing Cyber Security and Data Protection company seeking a Security Analyst to join our growing Managed Security Service, helping to ensure a robust and commensurate suite of measures is in place to defend internal and client networks and systems. You will report to the Managing Director and maintain strong relationships with internal and external stakeholders.
Essential Skills
What skills will I need to be successful?
• Good knowledge of system/data vulnerability, intrusion, detection, access and authorization, firewall, encryption, protocols, and threat protection.
• Strong analytical and problem-solving skills, with the ability to manage multiple tasks.
• Basic knowledge of Information Security technologies: NIDS/IPS, HIDS, WAF, firewalls, content filtering, vulnerability management, incident response.
• Experience with Security Information and Event Management (SIEM) and vulnerability scanners.
• Experience with Unix/Linux operating systems, working with network and server monitoring.
• Strong verbal and written communication skills.
• Good knowledge and practical use of vulnerability scanning and auditing tools such as NMAP, Nikto, Nessus, Burp Suite, Microsoft Security Baseline Analyser, Kali Linux. Knowledge of the Common Vulnerabilities and Exposures system https://cve.mitre.org
• Dogged curiosity to get to the root cause, and the ability to remain calm under pressure. Being a former white hat hacker is also a big plus.
• Good knowledge of Cyber Essentials and Cyber Essentials Plus Standards https://www.cyberaware.gov.uk/cyberessentials/docs.html
What additional skills would be beneficial?
• Experience with tools such as AlienVault, Qradar, Splunk, ArcSight, SolarWinds and LogRhythm’s Security Intelligence Platform.
• Understanding of Linux networking and operating system from an InfoSec risk perspective.
• Sysadmin skills (Linux/Mac/Windows); programming skills (Python, Ruby, PHP, C, C#, Java, Perl, and more).
• Sophos Central, Cisco Umbrella, SolarWinds RMM
1 or more of the following
• AlienVault Security Analyst/Engineer
• Cyber Essentials + Auditor
• Technical Cyber Auditing Course qualification
• Certified Ethical Hacker
• Certified Penetration Testing Consultant
• OSCP – Offensive Security Certified Professional
• CISSP, GCIA, GCIH, GCFA, GCFE
• 2+ years performing onsite penetration/vulnerability security assessments.
• 2+ years performing a SOC Analyst role
Superstar Skills (difference between a good and exceptional candidate)
• Methodical and repeatable approach to gathering information
• Ability to pre-plan ahead of time
• People who are passionate about their work and go the extra mile
• People who take pride in the output
What will their day to day responsibilities include?
• Reviewing the latest alerts to determine relevancy and urgency. Creates new trouble tickets for alerts that signal an incident and require Incident Response review. Runs vulnerability scans and reviews vulnerability assessment reports. Manages and configures security monitoring tools.
• Leverages emerging threat intelligence (IOCs, updated rules, etc.) to identify affected systems and the scope of the attack. Reviews and collects asset data (configs, running processes, etc.) on these systems for further investigation. Determines and directs remediation and recovery efforts.
• Analyse potential intrusion, threats and vulnerability of company and client system infrastructure and data using the company Security Monitoring platform.
• Ensure client data is adequately protected and compliance with policy is verified
• Look for security breaches and follow established protocols to determine severity.
• Perform preliminary log collection and identify incidents to determine root cause, severity and escalation procedures
• Preserve evidence for further investigation and possible legal action
• Work closely with other technical teams to identify and escalate procedures to counteract potential threats/vulnerabilities
• Appropriately inform and advise team leads and managers on incidents and prevention
• Document and conform to processes related to security monitoring
• Support IT policy development, ensuring it continues to be fit-for-purpose as technologies evolve
• Participate in knowledge sharing with other security professionals and develop solutions efficiently.
Travelling to customer sites to perform penetration and vulnerability assessments in line with the company's documented methodology, process and procedures:
• Performing vulnerability assessments of devices in scope using industry standard tools.
• Capturing documentary evidence of the above testing and accurately recording the results within client’s templates.
• Creation of a report based on above output summarising the results.
• Providing guidance, advice and support throughout the engagements.
What are the objectives of the engagements?
To allow an assessor to determine whether the end clients are meeting the requirements specified in the Cyber Essentials Standard.
What is expected from the candidate for this role?
In addition to the skills, qualifications and experience above, each candidate must meet the following:
• Acceptance of Non-disclosure agreement
• Acceptance of company IS policies and procedures
• Integrity and Trustworthiness.
• Meet the required quality expectations that will be demonstrated during onboarding.
What must the employee have?
• Eligibility to work in the UK
• Clean Criminal Check
• Disclosure Scotland Certificate
• 2 or more good references
All of our roles require successful candidates to undergo a Baseline Personnel Security Standard and/or United Kingdom Security Vetting (UKSV) to obtain a Security Check (SC) without restrictions.
What is important from a Culture, Fit & Values perspective?
Honesty, integrity, good sense of humour and team spirit.
To apply send your CV to Barbara Burns at email@example.com