This job posting has been archived and is no longer available.

DV Cleared Cyber Security Analyst SIEM

Posted by Solvings Ltd

Skills sought: Network, Engineering, OEM, Java

Project description

Solvings require an ArcSight analyst for a cyber security project in Belgium. Candidates must have relevant ArcSight knowledge and must be SC cleared as a minimum!

This is a long-term position until the end of 2017! People with NATO clearance will be preferred, but SC is the minimum!

POSITION PURPOSE:

The Senior Security Event Analyst will be the front line in this cyber defence operation and will need to keep abreast of evolving cyber threats, identifying new and sophisticated methods of detecting them across NATO networks.

RESPONSIBILITIES/DUTIES/FUNCTIONS/TASKS:

- Analyse network, application and system log events in order to identify any potentially abnormal system behaviours and raise them as incidents for investigation
- Become part of the response process, drawing in the full range of capabilities available at NCIRC to assess, contain, eradicate the threat and recover the NATO services affected
- Coordinate or participate in individual or team projects
- Important role of working with other sections within NCIRC and potentially external stakeholders such as NATO Nations
- Involved in the investigation of these events during a normal working day to establish if these are expected events or a security threat
- Maintain keen understanding of evolving Internet threats to ensure the security of client networks
- Offer advice and constantly tune the service by designing advanced detection rules to be implemented into the SIEM (Security Information and Event Management) Solution
- Participate in knowledge sharing with other analysts and develop solutions efficiently
- Perform other essential duties as assigned
- Software engineering, programming or scripting knowledge (Java, .NET)
- Support the team of Junior Analysts and provide a Technical Escalation Point during security incidents, establishing the extent of an attack, the business impacts, and advising on how best to contain the incident along with advice on systems hardening and mitigation measures to prevent a reoccurrence
- Understanding of Information Security, relating to the Confidentiality, Integrity and Availability of information
- Write technical articles for internal knowledge base
- Other tasks as required

MINIMUM QUALIFICATIONS:

EDUCATION: 

- Degree or years equivalent in an IT, Science, or Mathematics related Field
- ArcSight or Sourcefire Certified OEM Training

CERTIFICATIONS:

SANS GIAC Certified Incident Handler (GCIH) or equivalent

SECURITY CLEARANCE:

Active Secret or higher

EXPERIENCE: 

- 2+ years' experience as an Incident Handler or in an equivalent role, performing network and systems monitoring
- 2+ years' experience using SIEM tools such as ArcSight, LogLogic, Q1 Labs, Symantec Endpoint, and other common devices such as routers, switches and hubs; troubleshooting Windows environments
- 2+ years' experience of maintaining a secure network through configuring and managing typical Security Enforcing Devices, such as Firewalls, Proxies, IDS/IPS devices and EPO, and of analysing and interpreting system, security and application logs in order to diagnose faults and spot abnormal behaviours
- Knowledge of SNORT

PREFERRED QUALIFICATIONS:

SPECIAL POSITION REQUIREMENTS:  

- Demonstrate above average analytical skills and liaise professionally with peers and NATO stakeholders, even under pressure
- Exposure to IT service management best practices such as ITIL
- Mentoring or coaching members of a team
- Motivated, self-managed individual who is willing to help design and adapt a constantly evolving service
- Must be capable of communicating clearly with team members and other analysts
- Sound knowledge of IT security best practice, common attack types and detection/prevention methods

ADDITIONAL INFORMATION:

Required to accommodate flexible working hours including the need to be on-call during out-of-hours periods

Send CVs ASAP!

Project details

  • Contract type:

    Contract

  • Professional experience:

    Not specified
