Junior SOC Analyst – National Security West

Responsibilities

• Monitor, triage, analyse and investigate alerts, log data and network traffic using the Protective Monitoring platform and Internet resources to identify cyber-attacks / security incidents.
• Categorise all suspected incidents in line with the Security Incident policy
• Recognise potential, successful and unsuccessful intrusion attempts and compromises through reviews and further analysis of relevant event detail and incident summary information.
• Write up high quality security incident tickets using a combination of existing knowledge resources and independent research.
• Assist with remediation activities (or support customer stakeholders) to inhibit cyber-attacks, clean up IT systems and secure networks against repeat attacks.
• Produce security incident review reports to present information about the security incident and provide security improvement recommendations based on the security incident review.
• Understand Threat Intelligence and its use in an operational environment
• Support incident response to national scale incidents in a coaching capacity
• Work with other teams within BAE to improve services on the basis of customer needs.

Requirements

Technical

• Basic Python and/or scripting skills, Windows, OS X, and Linux
• Experience using Splunk and Sentinal
• Working with a range of security tooling/technology
• Strong understanding of security architecture, in particular networking
• Detailed understanding of threat intelligence and threat actors, TTPs and operationalising threat intelligence.
• Experience in investigating complex network intrusions (by state-sponsored groups or targeted ransomware attacks).
• Understand TCP/IP component layers to identify normal and abnormal traffic
• Understanding of AWS &/or Azure cloud services
• Experience of Splunk (with ES) &/or Sentinel, content development experience desirable

Non-technical

• Client side consulting, including stakeholder engagement and the ability to communicate insights and concepts to others (including briefing skills and report writing)
• Security process development
• Able to understand and adapt to different cultures and hierarchical structures.
• Self-starter and capable of independent working

Desirable

• Software engineering experience
• Penetration testing skills