Cyber Defence Center - Security Analyst,- IN, Willis Towers

Cyber Defence Center - Security Analyst,- IN, Willis Towers

Job Description

  • 5 to 8 years of hands-on work experience working in a Security Operating Centre (SOC) or similar.
  • Ensure timely response to any cyber incident to minimise risk exposure and production down time
  • Safely acquire and preserve the integrity of cyber security data required for incident analysis to help determine the technical/operational impact, root cause(s), scope and nature of the incident
  • Sysadmin skills (Linux / Windows); programming / scripting skills (PowerShell or Python).
  • Detecting emerging threats based upon analysis, data feeds and sources (internal & external intelligence sources).
  • Engaging with IT functions to ensure alerts are actioned appropriately and in a timely manner.
  • Working within the team and the wider Information Security group to build new tools for intelligence gathering.
  • Building and maintaining senior management dashboards to provide a clear understanding of team activities and threat landscape.
  • Active Cyber Threat Hunting & provide recommendations to optimize cyber security based on threat hunting discoveries.
  • Reviews asset discovery and vulnerability assessment data. Explores ways to identify stealthy threats that may have found their way inside your network, without your detection, using the latest threat intelligence.
  • Familiar with using data visualization tools (e.g. Maltego) and penetration testing tools (e.g. Metasploit).
  • Analyse and correlate incident data to develop a preliminary root cause and corresponding remediation strategy
  • Evaluate target systems to analyse results of scans, identify and recommend resolutions

Routinely develop and update incident response playbooks to ensure response activities align with best practices, minimise gaps in response and provide comprehensive mitigation of threats.

Qualifications:

  • Qualified to degree level, preferably in IT or security related subject.
  • Be interested in developing skills and knowledge in information security, and willing to work towards appropriate professional qualifications.
  • OSCP, GSEC, GISF, GCED, CEH.

Skills

  • Solid understanding of SIEM technologies.
  • Scripting and programming skills with proficiency in one or more of the following; PowerShell, Pearl, Python.
  • A solid understanding of networking technologies, enterprise wide technologies including database, operating system, web application, middleware, etc.
  • Knowledge of computer and network forensics investigations, malware analysis.
  • Knowledge of cryptographic protocols.
  • Experience with security assessment tools, including Wireshark, Metasploit, Nexpose.
  • Experience in other areas such as data loss protection, threat assessment, hunting and intelligence, access management, knowledge of VAPT.
  • Proven ability to work in global collaborative group environment
  • Experience working with a high degree of autonomy, managing own workload and delivering to tight timescales
  • Strong communication skills, both oral and written.
  • Team player with good interpersonal skills.
  • Organised and methodical.
  • Willing to challenge and desire to learn.
  • Ability to communicate technical concepts to nontechnical disciplines
  • Good communication skills, both orally and in writing
  • Ability to communicate and collaborate effectively with other team members in a geographic and culturally diverse workforce

Essential:

  • SIEM investigations.
  • Thorough understanding of network protocols, data on the wire, covert channels, ciphers and shell scripting.
  • Thorough knowledge of network protocols/technologies (e.g., TCP/IP, HTTP/HTTPS, REST)
  • Expert-level experience and very detailed technical knowledge in at least three of the following areas: general information security; security engineering; network architecture; authentication and security protocols; applied cryptography; common communication protocols; single sign-on technologies; Microsoft Active Directory, exploit automation platforms.