Salary: £25,000 - £30,000
Ref: Basingstoke - T 5859
Do you have knowledge of SIEM? Are you available for permanent work? If so, our client is seeking an individual to join their team located in Basingstoke. The Threat Response Analyst will be responsible for acknowledging and researching Security Incident Event Management (SIEM), User and Entity Behaviour Analytics (UEBA) and Cloud Access Security Broker (CASB) alarms.
This position is based on a shift rotation pattern as follows:
6am - 6pm - 4 days on, 3 days off then 3 days on and 4 days off. This comes with a 10% Shift allowance in addition to base salary.
Duties & Essential Job Functions:
- Responsible for following case development and escalation workflows when an alarm needs to be escalated to the client.
- Performing historical correlation analysis on incidents and events generated inside of the environments.
- Providing rule and alarm tuning recommendations to the SIEM engineering team while also notifying the Client Service Manager.
- Knowledge of SIEM technology and functions of some security tools (IDS/IPS, Firewalls, etc.)
- Experience working with interpreting, tuning, searching and manipulating data within SIEM, UEBA, CASB or other related security tools
- Knowledge of log formats and ability to aggregate and parse log data for syslog, http logs, DB logs for investigation purposes
- Bachelor's Degree in Information Technology, Information Security/Assurance, Engineering or a related field of study; or at least two years of related experience and/or training; or an equivalent combination of education and experience preferred.
- Associate's Degree or equivalent from a two-year college or technical school in Information Technology, Information Security/Assurance, Engineering or a related field of study; at least two years of related experience and/or training; or an equivalent combination of education and experience required.
- Experience utilising the Cyber Kill Chain, Diamond Model or other appropriate models
- Experience in gathering and managing threat intelligence
- Ability to present a recommended remediation strategy to client in professional format
- Knowledgeable and experienced using basic regular expressions
- Ability to fully utilise MS Office products required
- Linux administration experience
- Windows administration experience
- Shell scripting experience e.g. BASH, CSH, KSH
- Experience using open source tools such as Remnux, Kali, VirusTotal, IPVoid, TCPdump, MetaSploit, Wireshark, etc.
- Certification: Security+, Network+, CEH or equivalent certification is desired but not required.
If you do not hear from a Consultant within two weeks of submitting your application, then unfortunately on this occasion your application has been unsuccessful.