Digital Security Specialist
at NHS, Leeds
Salary: Competitive and dependent on experience
Job Type: Contract
Industry: Public Sector
• Protective Monitoring – working with the SOC’s toolset to provide triage and analysis of notable cyber security events which are generated from customer environments, gathering technical information and helping to give context to alerts as they occur. Documenting findings and escalating to the Incident process where required.
• Incident Handling – Carrying out the creation and handling of incidents for customers according to established service agreements. Ensuring incidents are prioritised according to agreed frameworks, escalating where appropriate and managing these through to a satisfactory resolution.
• Major Incident Management – Participating in major incidents, either as lead or an involved party to ensure efficient resolution of major incidents and delivering appropriate communications and ticket management as per major incident processes. Participating in any resulting incident review or lessons learned sessions.
• Threat Hunting – Using available tools, logs, direct system access, etc., carry out proactive work for the SOC’s customers to find cyber security issues based on an initial hypothesis, helping to identify security problems and improve the security posture of TTCE PM’s customers.
• Contributing to Knowledge Base – Actively contribute to the ongoing development of the shared TTCE PM knowledge base, documenting and improving SOC processes.
• Content Development – playing an active role in the SOC’s Use Case Factory process, using a threat-led approach to improve and develop the content which drives the team’s Protective Monitoring function. This could be through identifying and designing new content, conversion of threat hunts, tuning existing content or other improvements.
• Experience working in a technical cyber security role within a SOC or Incident Response team
• Extensive knowledge of common security tools and their usage (particularly SIEM)
• Strong knowledge of Information Security & Cyber Security (Security+, CPIA/CPSA, SSCP/CISSP, GCIH)
• Experience in security content generation for common security tooling
• Ability to investigate, troubleshoot, resolve and prevent the recurrence of incidents that interfere with the normal delivery of IT services
• Analytical approach and strong problem-solving ability
• Basic knowledge of ITIL concepts and incident management
• Good written and verbal communication skills – able to present technical information to different types of stakeholders.
• Cloud technology experience (AWS and Azure – Security focus especially)
• Splunk Enterprise Security experience and associated certifications
• Familiarity with common cyber security frameworks (MITRE ATT&CK, Cyber Kill Chain)
• Experience of incident response engagements, whether on-prem or in cloud environments.
• Familiarity with the Atlassian productivity suite (Jira, Confluence)