Job Specification: The DPS SOC Security Analyst (Incident) is responsible for delivering DCO outcomes across the OpNET platform. The SOC Security Analyst (Incident) is critical for the deployed environment, ensuring that operational security processes are enacted at every level. The Security Analyst (Incident) reports to the Security Manager (Incident) and is responsible for:
* Detecting and responding to malicious behaviour across all platform components including workstations, servers, and network devices.
* Optimising threat detection products for data loss prevention (DLP), security information and event management (SIEM), advanced email protection, endpoint detection and response (EDR), antivirus and intrusion prevention/detection systems.
* Reviewing and responding to escalated security events.
* Proactively hunting threats within the OpNET environment.
* Writing detection signatures, tuning systems and tools, and developing automation scripts and correlation rules.
* Maintaining knowledge of adversary tactics, techniques, and procedures (TTPs).
* Conducting forensic analysis on systems and engaging third-party resources as required.
* Ensuring incident identification, assessment, quantification, reporting, communication, mitigation, and monitoring.
* Ensuring compliance with SLAs and KPIs, process adherence, and process improvement to achieve operational objectives.
* Ensuring adherence to policy, process, and procedure, and driving process improvement to achieve operational objectives.
* Revising and developing processes to strengthen the DETECT and RESPOND delivery.
* Initiating corrective action where required.
* Ensuring daily management, administration & maintenance of security devices to achieve operational effectiveness.
* Creating reports, dashboards and metrics for SOC operations and presenting them to the OpNET CISO and the Security Working Group (SWG).
* Coordinating with stakeholders (both internally within DPS and externally with the CyISOCs), building and maintaining positive working relationships with them, and ensuring outputs are aligned.
* Conducting routine governance and compliance audits and accreditation activities.
* Hold current DV clearance.
* Strong hands-on experience with a variety of SIEM and SOAR platforms (including Splunk, ELK, Elastic and Security Onion v2).
* Hands-on experience with a variety of scanning and discovery tools where an investigation requires it (including Nessus, Greenbone, Nipper, BMC Discovery, McAfee ePO, Tanium, Tripwire and WhatsUp Gold).
* Experience in forensics, malware analysis, threat intelligence.
* Ability to understand, modify and create threat detection rules within a SIEM.
* Ability to correlate data from multiple data sources to create a more accurate picture of cyberthreats and vulnerabilities.
* CompTIA A+.
* CompTIA Security+.
* CompTIA CySA+.
* CompTIA PenTest+.
* SANS 504 - Incident Handling.
* SANS 503 - Intrusion Analyst.
* SANS 511 - Continuous Monitoring.
Contract, Full Time
Industry sector: Other