Goodman Masson are currently recruiting for Intrusion Analysts to work within a dedicated Response Analyst team. The role encompasses both monitoring and responding to alerts raised by various tool-sets as part of an ongoing managed security monitoring service, coupled with analysing data sets gathered from Incident Response investigations and assisting Investigative Consultants to deliver positive investigative outcomes to our breach investigation consultancy engagements.
The individuals who take on these roles will be working as part of the Response group within an established and busy team. Day to day responsibilities will include responding to and investigating alerts, liaising with customers to detail investigation outcomes and recommend remediation actions, managing threat intelligence and actor profiling, assisting in the generation of new signatures / rules, and assisting in the definition of analysis procedures and protocols.
An analyst working in the Response team could also expect to be involved with any or all of the following on a daily basis:
* Performing analysis of the data captured by monitoring systems;
* Responding to and investigating alerts raised by proprietary tool sets;
* Assisting in the generation of new signatures / rules;
* Training and supervising junior analysts;
* Supporting Investigative Consultants with incident response investigations;
* Attending client sites to gather data.
Key Skills & Requirements:
* Comprehensive knowledge of various types of malware, as well as a strong knowledge of infection vectors and indicators of an infection;
* Comprehensive knowledge of common network protocols such as TCP/IP, HTTP, DNS, etc;
* Comprehensive knowledge of IDS principles, their purpose and an understanding of how they work;
* Exposure to computer networking design principles;
* Good understanding of SQL;
* Experience of, or exposure to, programming beneficial;
* Good understanding of a range of other protocols such as ARP, DHCP, SMTP, FTP, Telnet, IRC, LDAP, SSL;
* Good knowledge of typical business network architecture (i.e. type of servers/devices you'd expect to see);
* Good knowledge of current Information Security threats and/or past threats;
* Good knowledge of tcpdump, Wireshark, Snort, and/or other security tools;
* Experience of providing training and working in a supervisory role to junior staff beneficial but not essential;
* A 'can do' attitude.