- Managing security alerts from the Security Operations Centre. This involves working with third party suppliers as well as internal stakeholders.
- Monitoring and analysing network traffic for any developing patterns and anomalies and investigating or escalating where required.
- Providing security input to and maintaining relationships with the IT Operations function in relation to incident management.
- Monitoring and responding to emerging threat patterns, vulnerabilities and anomalies and providing escalations of any unknown threats to the Security Operations Centre Manager.
- Identifying opportunities for security controls optimisation in line with threats affecting the organisation.
- Supporting scenario-based exercises to test our detection and response capability to drive continuous improvement.
- Supporting post incident reviews on high severity events to drive continuous improvement.
- Supporting maintenance of cyber incident response playbooks and their integration with our broader crisis management framework.
- Ability to read and understand system data including security event logs, system logs, application logs, and device logs, etc.
- Strong analytical skills to monitor information and perform detailed data analysis to identify any vulnerabilities.
- Ability to identify threat patterns by absorbing and analysing disparate sources of data.
- Ability to manage competing deadlines and prioritise responsibilities to effectively meet business needs.
- Ability to work effectively independently and as part of a team.
- Ability to communicate clearly on security topics to non-technical stakeholders.
- Motivated to deliver quality and strive for continual improvement.
- Logical thinking and analytical ability.
- Aptitude in solving problems independently.
- Proven experience of triaging and managing security alerts.
- Strong experience in reading and understanding logs from different operating systems and applications.
- Good experience in security management of enterprise technologies.
- Experience of working in high performing teams and understanding the dynamics of teamwork in a Security Operations Centre (SOC) environment.
- Experience of managing SIEM/SOC systems and basic troubleshooting.
- Experience in performing network traffic and log analysis.
- Knowledge of enterprise grade technologies including operating systems, databases and web applications.
- Knowledge of performing network traffic analysis for identifying any developing patterns.
- Knowledge of network infrastructure, such as firewalls, switches and routers, and security configuration of such devices.
- Good working knowledge of industry good practice frameworks such as the NIST Cyber Security Framework, Center for Internet Security (CIS) Critical Security Controls (CSC), ISO 27001, MITRE ATT&CK, Cyber Kill Chain, etc.
Eames Consulting is acting as an Employment Agency in relation to this vacancy.