Reporting to: Chief Security and Information Officer
Job Objective
Acknowledge, analyse and validate incidents triggered by correlation analysis and various tools
Acknowledge, analyse and validate incidents received through other reporting mechanisms such as email, phone calls, management directions, etc.
Collect the logs necessary for incident containment and security investigation
Be able to make high quality decisions, often with incomplete information, and actively and reactively engage with customers
Escalate validated and confirmed incidents to CISO
Undertake first stages of false positive and false negative analysis
Understand the structure and the meaning of logs from different log sources such as FW, IDS, Windows DC, appliances, AV and antimalware software, email security etc.
Open incidents, including for each incident all details related to the logs, alarms and other indicators identified, together with the intervention protocol.
Track and update incidents
Research and analyse security incidents and provide insight into how to detect and resolve them
Report infrastructure issues to the infrastructure team.
Help develop platforms and tools to automate and improve security posture across the group
Help improve and develop documentation.
Skills and Competencies Required
Knowledge and hands-on experience in management of IDS/IPS, Firewall, VPN, EDR/XDR, mail filtering and other security products
Experience in Security Information and Event Management (SIEM) tools, creation of basic correlation rules, and administration of SIEM preferred
Should have expertise in TCP/IP network traffic and event log analysis
Network Troubleshooting skills required.
Knowledge and hands-on experience in penetration testing/vulnerability scanning and security tools such as Tenable Nessus and Kali Linux
Knowledge of ITIL disciplines such as Incident, Problem and Change Management
Experience of infrastructure design and management in mission critical environments preferred.
Understanding of virtual infrastructure and Windows environments preferred
Effective communication, organizational, problem-solving and presentation skills
Self-motivated and, with support over time, able to work with minimal supervision.
Ability to build trusting, collaborative relationships with peers yet with a strong sense of accountability and ownership.
Knowledge of ISO27001, CE, CE+
Key Tasks
Security assessments: Create and perform security assessments and threat models
Security standards: Develop, implement & maintain security standards and plans
Vulnerability Management: Research weaknesses and find ways to counter them
Security incident response: Respond to attack vectors and security incidents, and coordinate incident response across teams
Security software testing: Test company software, firmware, and firewalls
Security software design: Design software security systems like intrusion detection systems and firewalls
Security system maintenance: Maintain and proof network security systems
Security system analysis: Analyse security systems and seek improvements on a continuous basis