Salary: £35,000 - £60,000
Ref: Basingstoke - T 2839
Do you have knowledge of SIEM? are you available for permanent work? if so our client is seeking three individuals to join their team located in Basingstoke dependant on experience. The Threat Response Analyst will be responsible for acknowledging and researching all Security Incident Event Management , User and Entity Behaviour Analytics and Cloud Access Security Broker alarms during their shift.
This position is based on a shift rotation pattern as follows:
6am - 6pm - 4 days on, 3 days off then 3 days on and 4 days off. This comes with a 10% Shift allowance in addition to base salary. (Base salary is dependent on experience)
You will perform historical correlation analysis on incidents and events generated inside of the environments. Youwill also be responsible for following case development and escalation workflows when activity needs to be escalated to the client and provide tuning recommendations to the Client Service Manager.
Duties & Essential Job Functions:
- Responsible for following case development and escalation workflows when an alarm needs to be escalated to the client.
- Performing historical correlation analysis on incidents and events generated inside of the environments. They will also be responsible for following case development and escalation workflows when of note activity needs to be escalated to the client.
- Providing rule and alarm tuning recommendations to the SIEM engineering team while also notifying the Client Service Manager.
- Knowledge of SIEM technology and functions of some security tools (IDS/IPS, Firewalls, etc.)
- Experience working with interpreting, tuning, searching and manipulating data within SIEM, UBEA, CASB or other related security tools
- Knowledge of log formats and ability to aggregate and parse log data for syslog, http logs, DB logs for investigation purposes
- Bachelor’s Degree in Information Technology, Information Security/Assurance, and Engineering or related field of study; or at least two years of related experience and/or training; or equivalent combination of education and experience preferred.
- Associate’s Degree or equivalent from two-year College or technical school in Information Technology, Information Security/Assurance, Engineering or related field of study; at least 2 years of related experience and/or training; or equivalent combination of education and experience required.
- Experience utilizing the Cyber Kill Chain, Diamond Model or other appropriate models
- Experience in gathering and managing threat intelligence
- Ability to present a recommended remediation strategy to client in professional format
- Knowledgeable and experienced using basic regular expressions
- Ability to fully utilize MS Office products required
- Linux administration experience
- Windows administration experience
- Shell scripting experience e.g. BASH, CSH, KSH
- Experience using open source tools such as Remnux, Kali, VirusTotal, IPVoid, TCPdump MetaSploit, Wireshark, etc
- Certification: Security+, Network+, CEH or equivalent certification is desired but not required.
If you do not hear from a Consultant within two weeks of submitting your application then unfortunately on this occasion you have been unsuccessful.