Senior Security Operations Analyst – Malware Analysis – SIEM
Elevate Direct is a highly sophisticated Talent Acquisition Platform that connects roles with candidates via AI and machine learning specially designed to increase the productivity of your talent function across all workforce categories. Commonly referred to as a direct sourcing platform, Elevate Direct removes the barriers between hiring managers and candidates.Our team of talent specialists and data scientists has spent the last 5 years analysing over 22 million data points to create an intelligent hiring platform, based on neural networks and the latest in data science modeling.The result is a direct sourcing platform that is easy for candidates and clients alike to use, seamlessly working with multiple talent acquisition channels, curated talent pools and self directed candidates, providing a one stop shop for sourcing, matching and engagement of a diverse set of talent.Elevate Direct features an impressive clients list including SAP, Airbus, Bank of America, Experian, UK government , Johnson and Johnson, Nasdaq among others.
To lead the identification of threats and the detection of malicious behaviour on the Department’s IT estate.
To develop protective monitoring processes and systems to support the effective mitigation of risks to DWP’s information systems.
To advise on security remediation plans and strategies based on analysis of security threats and vulnerabilities on the estate.
To advise on mitigation against known vulnerabilities and risks within DWP’s information systems.
To provide the technical lead in incident response, digital forensics and full malware analysis. Provide expertise to ensure these activities meet all statutory, evidential, Departmental and ethical guidelines.
To lead in the successful identification of known security vulnerabilities on the Department’s IT estate; providing advice on security remediation plans, risk mitigation and strategies based on analysis of security vulnerabilities on the estate within DWP’s information systems.
- Design and build complex interrogation scenarios/playbooks using threat intelligence, providing automated data analysis to detect potential abuse or malicious activity.
- Building documented processes and procedures to ensure all aspects of incident response, digital forensics and malware analysis are carried out in an evidentially secure manner and comply with all statutory, Departmental and ethical guidelines.
- Ensure the prompt and accurate analysis of data, logs and audit trails to help identify potential security breaches, cyber-attacks or abuse.
- Provide advice to analysts to support the analysis of anomalies/interpretation of outputs from system logs and audit trails.
- Lead engagement with DWP business areas to ensure the latest threat intelligence is risk assessed, and scenarios to detect abuse and malicious activity are relevant to the changing risk landscape.
- Provide advice to internal and external DWP stakeholders on developing proportionate controls to mitigate risks to data held on the Department’s IT estate.
- Lead the development of protective monitoring processes and systems to help mitigate risks to DWP’s information systems.
- Contribute to the development of communications and stakeholder management strategies, which increase understanding of protective monitoring and processing risks across the Department.
- Lead the design and delivery of vulnerability assessments and penetration tests.
- Lead the analysis and interpretation of penetration tests to determine actions and remediation.
- Lead the analysis of cyber security events and incidents and recommend remediation steps.
- Assess DWP’s existing capability in collecting, analysing, escalating, and responding to potential cyber-attacks.
- Implement continuous security vulnerability assessment plans based on the analysis of security threats and vulnerabilities on the estate.
- Lead delivery of measurable security through vulnerability assessment reporting for mitigating threats and vulnerabilities.
- Lead development and maintenance of associated policies and standards for mitigating threats and vulnerabilities.
- Execute security testing to identify security vulnerabilities on the DWP IT estate.
- Lead the analysis of vulnerabilities and risks across DWP’s Information and Communications Technology (ICT) systems.
- Review risk assessments of networks, systems, firewalls and anti-virus systems, and recommend proportionate mitigation activity as necessary.
- Lead the acquisition and analysis of digital images or other data sources including malware to investigate and resolve security incidents, and inform DWP’s response to attack and compromise.
- Provide technical expertise for the production of Indicators Of Compromise, the resolution of Requests for Information and the production of threat intelligence products.
- Lead and develop a team of Security Operations Analyst s to achieve optimum outputs.
*Please note that a maximum of six essential skills will be selected for recruitment purposes.
- BCS Certificate in Information Security Management
- *GIAC Certified Intrusion Analyst (GCIA), GIAC Continuous Monitoring Certification (GMON), GIAC Security Essentials (GSEC), GIAC Certified Enterprise Defender, GIAC Certified Forensic Analyst (GCFA), GIAC Certified Incident Handler (GCIH), GIAC Network Forensic Analyst (GNFA), GIAC Malware Reverse Engineer (GREM) or equivalent qualification.
- Proven expertise using digital forensic and malware analysis tools, commercial or open source.
- Proven expertise in the acquisition of digital images from diverse devices including laptop computers, mobile phones and stand-alone storage devices.
- A thorough understanding of the structures underpinning corporate IT systems and how these structures can be compromised and exploited.
- Understanding of the concepts of information security, current and emerging IT security, data protection, and information risk principles and technologies.
- Understanding of security monitoring, intrusion detection, prevention and control systems including firewalls, anti-virus, web proxies and security software.
- Understanding of threat intelligence, security monitoring and vulnerability management tools.
- Ability to influence senior managers at Senior Civil Servant level and above, and to articulate complex security related messages and recommendations in accessible language tailored for the target audience.
- Well-developed analytical skills, with the ability to swiftly analyse significant quantities of complex data and draw firm conclusions to influence the acceptance of recommendations.
- Experience of managing cyber security or fraud incidents across large sets of information
- Strong knowledge and understanding of the concepts of information security, and of current and emerging IT security, data protection and information risk principles and technologies.
- Experience of managing multiple priorities and responding flexibly and effectively to competing demands, balancing priorities accordingly
- Comfortable relying on others’ expertise to inform effective decision making
- BCS Certified Information Systems Security Professional (CISSP), or equivalent security qualification.
- Understanding of common network services, including web, mail, file transfer protocol, network vulnerabilities, and network attack patterns.
- Understanding of UK public sector Security Policy Framework (SPF), CESG InfoSec Standards, Centre for the Protection of National Infrastructure (CPNI) documents and the Government Secure intranet (GSi) Code of Connection and current government / CESG standards.
- Understanding of industry standards for information security policies, governance processes, risk and control frameworks, such as the ISO27001 standard
- Understanding of Her Majesty’s Government (HMG) and Departmental policies and standards.
- Experience of automated vulnerability remediation tools such as BigFix or Tanium.
- Understanding of penetration testing methodologies.
- Understanding of analysis and query tools.
- Understanding of organisational (or DWP) operational processes.
- Leadership skills.
- Planning and management skills.
- Well-developed communications, stakeholder management and interpersonal skills.
- Awareness of appropriate software development languages e.g. Python, Java, JSON, Node.js), COBOL.
- Awareness of Agile project methodology and/or experience of system development in an Agile environment.
- Working knowledge of commercial processes.
- Proven experience advising and applying risk-based proportionate security controls in decision-making.
- Experience facilitating risk workshops to identify proportionate control requirements.
- Experience working with a wide range of clients / stakeholders from commissioning work through to delivery, using appropriate techniques.
- Strong experience of using analytical tools to identify security or fraud compromises within large amounts of complex data
- Strong experience of analysing large datasets to find anomalies
- Strong experience of applying information security expertise to protect data
Accreditation & Qualifications
- Project Management – Level 4
- Relationship Management – Level 6
- Information Security – Level 5
- Business Risk Management – Level 5
- Relationship Management – Level 5 (for STRAPSO & Crypto Custodian only)
- Continuity Management Level 5 (for STRAPSO & Crypto Custodian only)