Bangalore, KA, IN
3 days ago
Security Senior Specialist

Senior Cyber Security Analyst  [SOC and IDS/IPS SME]

As part of the managed security service team, the Cyber Security Analyst is a client-facing role primarily responsible for overseeing and maintaining IDS/IPS intrusion management, coordinating the SOC service, and handling security incidents in coordination with the SOC and other operations teams. Additionally, the analyst may also be required to carry out vulnerability management and manage overall security service actions.

Job Description:

Oversee the upkeep of intrusion detection system (IDS) and intrusion prevention system (IPS) signatures for the customer's security gateways and firewalls.
Ensure that SOC services are delivered as per agreed Service Level Agreements (SLAs), quality standards, and client expectations.
Act as the point of escalation for security incidents, coordinating across technical and non-technical teams to respond swiftly and effectively.
Coordinate the Security Operations team, Incident Response Teams and other technical resources needed to troubleshoot major incidents and determine the affected/vulnerable systems and affected/vulnerable users.
Identify any business areas impacted and coordinate communications with all relevant stakeholders as per the Major Incident Management process.
Coordinate the remediation and containment activities as advised by either the NTT DATA SOC or the Incident Response Team.
Oversee, support, and manage through to completion the investigative and remediation activities in conjunction with relevant support teams.
Coordinate post-incident investigation with relevant teams or third parties and document the appropriate report to be provided to the customer.
Coordinate major security incidents out of hours (on-call rota).
Provide clear, timely, and regular updates to customers, senior management, business leaders, and other relevant stakeholders during critical security incidents.
Continuously track service performance and make improvements when necessary.
Carry out vulnerability management activities, including coordination and reporting of vulnerabilities:
Using the InsightVM tool, carry out scheduled scanning of systems, networks, and applications to detect potential security weaknesses.
Prioritize vulnerabilities based on their risk level, potential impact, and the criticality of the affected assets, ensuring that high-risk vulnerabilities are addressed first.
Whenever a critical severity vulnerability is identified during a scheduled or ad-hoc scan, raise a Remedy ticket to the appropriate resolver group to review and assess the vulnerability for mitigation or remediation.
Work with the customer's business owners to ensure they fully understand the risks and can effectively coordinate the recommended remediation; follow up with the system owners for updates on the outcome of their review, and follow the agreed process for updating the tracking document for each scheduled scan.
Track the progress and outcomes of the identified vulnerabilities through to closure.
Outside of the scheduled scans, carry out on-demand ad-hoc scans and onboard new systems for scheduled scans.
Provide support and guidance to NTT DATA Delivery Teams and ensure compliance with the agreed Service Level Agreements (SLAs), quality standards, and client expectations.
Document and present to the customer the weekly and/or monthly service review reports.
Support the Technical Service Delivery Manager in reviewing service delivery processes and workflows, identifying areas for optimization and implementing best practices.
Shadow the primary Technical Service Delivery Manager in order to provide service continuity in the absence of the primary Technical Service Delivery Manager.
Provide direction to the SOC Service Desk when they need guidance on responding to threat notifications received via email.
Participate in security risk reviews.

What's important?

It starts with amazing people, challenging projects and a work environment that supports the creation of tangible solutions that make an impact. You will need to have broad experience in security service delivery management and evidence of experience in a number of the following fields of expertise:

At least 10 years of experience in providing technical support and advice for a Security Operations Centre.
Demonstrable in-depth knowledge of security incident management and security operations.
Excellent communication and client relationship skills to interface with clients, stakeholders, and senior leadership.
Past experience in supporting and managing IDS and IPS.
Demonstrable knowledge and experience in providing vulnerability management services.
Significant experience and ability to manage and lead in crisis situations, ensuring a swift and effective response.
Demonstrable experience in leading and coordinating diverse teams effectively.
Excellent English writing skills for technical documents and for improving processes (such as policies and reports).
Outstanding English verbal communication skills, with the ability to explain things in a clear and non-technical way.
Strong attention to detail and the ability to deliver high-quality work.
A relevant and recognised professional Security / Risk / Compliance certification supporting the role, such as CISSP, CICM, GCIH, etc.
