This job has expired

Cyber Defence Technical and Content Author

GardPass Consulting
Hereford (some work can be done off-site)
Rate is negotiable (subject to experience)
Closing date
3 Feb 2023

Job Details

Description of DV cleared role, based at customer site (some work can be done off-site) 

Uses data collected from a variety of Cyber defence toolsets to analyse events that occur within the ICS/network environment for the purposes of mitigating threats.

•    Develop content/use cases/playbooks for Security Information and Event Management (SIEM) solutions and provide SME assistance in the construction of signatures/rule correlations to be implemented in response to new or observed threats within the network/enterprise
•    Use Authority’s environment for continual monitoring and analysis of on-boarded ICS/networks to identify malicious activities 
•    Progress the ability to write custom lists, queries and rules within the Authority’s environment
•    Coordinate and conduct event collection, log management, event management, compliance automation and identify monitoring activities
•    Assist the Authority’s environment engineer team in identifying how logs should be parsed
•    Mentor and support the existing Level 1 Analysts to triage alerts independently and support their role development within the Authority’s environment
•    Produce the Authority’s environment related supporting documentation detailing governance, procedures and processes for Level 1 and 2 Analysts and linking to the engineering documentation
•    Develop innovative and cutting-edge detection content; utilising the MITRE ATT&CK and Cyber Kill Chain frameworks and liaison with the Authority’s environment TI to assist Authority in understanding their adversaries TTP’s, prioritise and test their defence in order to mature their Security Posture
•    Analyse ICS/network alerts received by the Authority’s environment and determine possible causes of such alerts
•    Analyse identified malicious activity to determine ICS/network weaknesses being exploited, the exploitation methods and effects on the system and information
•    Characterise and analyse network traffic in-depth to identify anomalous activity and potential threats to ICS/networks
•    Provide timely detection, identification and alerting of possible attacks/intrusions, anomalous activities and misuse activities and distinguish these incidents and events from benign activities
•    Coordinate with Authority’s environment’s staff to validate network alerts
•    Document and escalate incidents that may cause ongoing and immediate impact to the environment
•    Perform cyber defence trend analysis and reporting
•    Work with ambition to support the Authority with the maturation of the Authority’s environment, demonstrating a desire to broaden your own skills and knowledge in-turn imparting this knowledge on.

•    Previous experience of Enterprise ICS/network architectures and technologies
•    Experience and knowledge of SIEM solutions; having the ability to identify use cases and their creation, their deployment and tuning. 
•    Experience as a mentor/coach to junior Analysts
•    Experience of writing automated test scripts or feature verification tests.
•    Broad IT and Network Security Experience and its application within a SOC environment and Best Practices 
•    Previous experience of utilising the MITRE ATT&CK and Cyber Kill Chain frameworks
•    Skilled in performing packet-level analysis to identify potential malicious activities
•    Knowledge of key security frameworks e.g. ISO, NIST
•    Excellent communication skills
•    Experience of writing Defence/Government documentation

Desirable Qualifications:
•    Broad Spectrum Cyber Course (SANS SEC401 or SEC501 or equivalent)
•    SIEM Design, Architecture and Analyst Course (SANS SEC455 or SEC555 or equivalent)
•    Advanced Analyst Course (SANS SEC503 or equivalent)


Intelligent Recruitment

We constantly remind ourselves that people come first, so we have a commitment to providing an excellent personal service to our clients and candidates with the know-how to save you from wasted time and disappointment.

Our clients come from all commercial and industry sectors and, in particular, we have expertise in sourcing candidates in the land, marine, air, weapons, electronics, communications, avionics and cyber security domains.

GardPass Consulting bring a discerning approach to the resolution of both organisational recruitment requirements and individual career aspirations. 

Mobilising and placing individuals and large teams on a global basis at speed in complex situations is one of our specialities. We offer a wealth of experience and expertise in supplying project personnel on a worldwide basis, backed-up by a huge network of qualified, experienced professionals (many of them security-cleared at various levels). Many of our candidates have worked with us on several projects – often for the same client, by request.

Find Us
+44 7939 073902
Pendragon House, 65 London Road
St Albans

Get job alerts

Create a job alert and receive personalised job recommendations straight to your inbox.

Create alert