Apprentice Cyber Intrusion Analyst
A fantastic opportunity has arisen for an Apprentice Analyst working in our Design & Engineering division in Salford, Manchester. The role involves being part of a 24x7 Security Operations Centre (SOC) team, with responsibility for monitoring the company's networks for security issues (using SIEM and log analysis toolsets) and assisting with vulnerability scanning, threat intelligence and security incident response.
The purpose of the role is to ensure that the company's information and systems are protected in line with the needs of the business and with the information security principles of confidentiality, integrity and availability. The SOC Apprentice Analyst will work day to day with the SOC Specialist/shift leader and with the IT Forensics Specialist.
As an Apprentice Cyber Intrusion Analyst, your job includes:
- Monitor the company's networks for malicious activity using Security Information and Event Management (SIEM) toolsets. This includes responding to and investigating alerts, assisting with the development of new security monitoring use cases, and ensuring that all investigative activity is properly documented in our ticketing system and followed up with the relevant support teams.
- Triage issues escalated to the information security team, and ensure that appropriate follow-up actions are taken by the SOC.
- Assist the SOC Specialist in developing and maintaining SOC documentation and processes.
- Assist the SOC Specialist in monitoring open source intelligence sources for potential threats against the company, and ensure that appropriate defensive actions are taken in response to them.
- Assist the SOC Specialist in running vulnerability scans against the company's infrastructure, interpreting the results and following up issues with the relevant support teams.
- Form part of the company's Security Incident Response team, assisting with whatever activities are deemed necessary by the incident leader.
- Provide support to projects undertaken by the company's Information Security function.
Desirable (not essential)
- Good infrastructure and technology experience, including a demonstrable understanding of security operations;
- Good knowledge of the security issues inherent in common corporate environments;
- Experience working with first-line ticketing/triage;
- Experience using Security Information and Event Management (SIEM) toolsets;
- Specific experience in Splunk or other big data forensic technologies;
- Specific experience using AlienVault SIEM toolsets;
- Experience using vulnerability scanning tools;
- Experience identifying and reporting on open source threat intelligence;
- Proven technical ability in Unix/Linux;
- Proven technical ability in Microsoft Windows;
- Proven technical ability in networking systems;
- Experience with VMware virtualisation;
- Experience of system forensics;
- Experience of malware analysis;
- A highly motivated individual with a genuine enthusiasm for information security and technology;
- Willingness to work shifts (including unsociable hours and bank holidays where these fall within your shift pattern) as part of a 24x7 team;
- A sound understanding of information security principles and best practices;
- Good communication skills, both written and verbal;
- Ability to prioritise workloads and to know when to seek guidance.
You'll need at least five GCSEs (or equivalent) at Grade C or above including Maths, English and either IT or Science.