Senior Cyber Security Analyst

A leading Government body requires a Cyber Security Analyst to join their team in Southport on a 12 month contract basis. Candidates who already hold Security Clearance are preferred but all candidates must be willing to go through SC. As a Security Analyst, your role on the team will include leveraging your knowledge of industry best practices, good judgment and problem solving skills to execute security operations. Areas of concentration include firewalls, intrusion detection/prevention, encryption, antivirus, incident response, and security event management. Technologies of specific interest (desirable but not essential) include: Familiarity with Wireless NAC, ELK, and RSA Envision In this position you will: * Provide security monitoring for a growing environment; support incident responses and provide root cause analysis support for incidents. * Provide Information Security Reporting and Metrics and provide input into improving information security reporting and metrics; identify/recommend improvements on internal investigation capabilities via tool building. * Provide assistance in recovering from security breaches; participates in investigation and remediation of security incidents; establish configuration policies for security technologies. * Review aggregated server logs, firewall logs, intrusion prevention logs, and network traffic for unusual or suspicious activity. * Conduct research on emerging threats in support of security enhancement and development efforts; recommend security improvements, upgrades, and/or purchases. * Create and maintain internal training materials and provide training to appropriate information systems staff; assist with propagating security awareness among employees. * Working as part of a team, performing deep-dive incident analysis and determining if critical systems or data sets has been impacted. * Coordinating the incident response of minor incidents by advising on remediation actions and escalating major incidents to the designated parties. * Generating tailored reports of minor and major incidents. . * Recording lessons learnt and improving existing processes and procedures. * Processing incident communications to include initial reporting, follow-ups, requests for information, and resolution activity. * Providing support for new analytic methods for detecting threats. * Continuously seeking to identify potential service and process improvements. Experience - Have a strong IT technical background and experience working in a SOC environment. - Has functional knowledge of understanding and configuring open source toolsets. Examples are Splunk, Logstash, Redis, ElasticsSearch, and Kibana (ELK). - Has utilised toolsets for analysis such as but not limited to SIEMs (e.g. Splunk, ELK, LogRhythm, MacAfee, IBM QRadar, etc.), IDS/IPS (e.g. network- and host-based), NAC, FIM, DLP, vulnerability management tools, network monitoring tools, Cyber Security Case management (eg SNow), etc. - Functional knowledge of TCP/IP protocol suite, LAN/WAN technologies, switching, routing, VoIP and Telephony technologies, firewalls and VPN, intrusion prevention systems (IPS), vulnerability assessment and patch management tools. - Functional knowledge of UNIX, Linux, Apple and Windows technologies. - Functional knowledge of operating protocol analysers and analysing output. - Functional experience performing monitoring, analysis and recovery procedures or security technologies. - Functional experience performing deep-dive incident analysis by correlating data from various sources. - Experience of using Security Information and Event Management (SIEM) platforms, and Case Management tools. - Knowledge of targeted cyber attack analysis and response, and coordinating incident response processes. - Active CISSP, SSCP, SANS certifications, Security or equivalents