Role Title: SIEM / Incident SME
Duration: 6 - 12 Months
**A national security clearance is required for this role but candidates not holding this level of clearance will be considered**
We are urgently seeking a Cyber Security Incident SME with previous experience of Enterprise ICS/network architectures and technologies
This for our client who are a Global IT Service Provider. This will be on a long term contract and onsite in Portsmouth and customer sites as needed by projects.
The Cyber Defence Analyst will join a growing security team responsible for designing, delivering and maintaining operational cybersecurity capabilities. Conducting pro-active, risk-based, protective monitoring on priority C4IS/networks to identify internal and external cyber-threats/attacks. This position involves a broad range of skills, including the development and mentoring of junior analysts, monitoring networks to actively remediate unauthorised activities.
* Develop and integrate security event monitoring and incident management services.
* Respond to security incidents as they occur as part of an incident response team.
* Implement metrics and dashboards to give visibility of the Enterprise infrastructure.
* Use of the SOAR platform to assist with playbook automation and case management capabilities to streamline team processes and tools.
* Produce documentation to ensure the repeatability and standardisation of security operating procedures.
* Develop additional investigative methods using the SOC's software toolsets to enhance recognition opportunities for specific analysis.
* Maintain a baseline of system security according to latest threat intelligence and evolving trends.
* Participate in root cause analysis of incidents in conjunction with engineers across the enterprise.
* Provide Subject Matter Expertise (SME) on a broad range of information security standards and best practices.
* Offer strategic and tactical security guidance including valuation requirement of technical controls.
* Be part of the CRM process
* Liaise with the SOC engineers to maintain up-to-date dashboards of security alerts, to allow the organisation to better respond to an incident.
* Document, validate and create operational processes and procedures to help develop the SOC.
* Assist in identifying, prioritising, and coordinating the protection of critical cyber defence infrastructure and key resources.
* Build, install, configure, and test dedicated cyber defence hardware.
* Support Junior Analysts to manage SOC systems.
* Previous experience of Enterprise ICS/network architectures and technologies
* Experience and knowledge of SIEM solutions; having the ability to identify use cases and their creation, their deployment and tuning.
* Experience as a mentor/coach to junior analysts
* Previous experience of utilising the MITRE ATT&CK and Cyber Kill Chain frameworks
* Skilled in maintaining Microsoft directory services.
* Skilled in using virtualisation software.
* Knowledge of key security frameworks (e.g. ISO, NIST 800-53, 800-171, 800-172, C2M2)
* Excellent communication skills
* Experience of writing Defence/Government documentation
* Broad Spectrum Cyber Course (SANS SEC401 or SEC501 or equivalent)
* SIEM Design, Architecture and Analyst Course (SANS SEC455 or SEC555 or equivalent)
* Advanced Analyst Course (SANS SEC503 or equivalent)