Advance your career with CDS Defence Support
- Set up and configure the MoD event log data stores
- Utilise tools within ArcSight to build “use cases” that process system data and provide indicators and warnings
- Perform first-line analysis/triage of warning indicators, which will form the basis for further in-depth analysis and reporting
- In co-operation/consultation with system managers and individual system auditors, manage the data flow for system audit data and processing, making sure it is aligned with current policy
- Develop and test system improvements to the ACE analysis suite, programming a number of complex searches using search logic to fully test that the system meets the exacting standards of incident reporting for Enterprise Audit
- Review and develop “use case” design, improving on speed, content and accuracy
- Perform development, integration and compliance work of new systems identified for ingestion into the audit system
- Interact with other agencies to facilitate incident management and reporting for onward escalation
- Provide additional resource by sending analysts off-site to perform audit and analysis on networks unable to connect to the core capability, improving detection capability
- Participate in working groups with other teams to address “use case” requirements and development, and identify intelligence audit gaps/risks
Aligned to Joint Cyber Unit (Corsham), the Enterprise Audit (EA) role forms part of a wider team that is responsible for developing, implementing and improving measures to safeguard MoD information. The EA team is specifically tasked with safeguarding Above Secret (AS) material, putting in place measures to guard against accidental or unauthorised disclosure, modification or destruction of intelligence material.
The post is responsible for providing technical development and engineering support to a security information and event management (SIEM) / threat detection capability within Defence Intelligence. The incumbent will be responsible for day-to-day administration of a sensitive IT system, and technical development to build and improve the overall capability.
The work requires close interaction with the analysts within the team, who act as end users, and provides opportunities to develop data analytics applied to a new and growing area of interest. There is a requirement to engage with subject matter experts across the intelligence community, and with other stakeholders throughout Defence.
Technical Development work, to include:
• Working with data owners to ensure required inputs are available for the SIEM / threat detection platform and that these match end user requirements.
• The creation and maintenance of data translation processes, including the use of XSLT
• Develop tools and novel solutions for analysing the input data in cooperation with analysts
Engineering work, to include:
• System maintenance for the SIEM / threat detection platform and undertaking hardware and software fault investigation.
• Ensuring the SIEM / threat detection platform accreditation status and safety case documentation remains valid.
• Installation of new equipment on the SIEM / threat detection platform
• The successful candidate will have a background in at least one of these two areas, and an interest in developing new skills.
• The successful candidate should have experience in the use of programming languages; a current understanding of XML/XSLT, Java and SQL databases would be beneficial.
• The successful candidate would be expected to have a relevant degree level qualification and/or suitable equivalent experience and qualifications. They must have high computer literacy and be able to maintain and develop a bespoke network.
• Ability to conduct complex technical discussions and negotiations with a wide range of stakeholders from across Defence and wider HMG departments.
• The ability to conduct diagnosis of issues, both system and process based, and identify suitable solutions from a range of options.
• A current DV clearance with SPC and/or Enhanced DV
• Ability to work both alone and within a team
• Understanding the cyber threat lifecycle or common attack types (e.g. Insider Threat, Phishing, DDoS), and their associated methods.
• An understanding of the varied systems used within the intelligence community at the AS level
• Ability to use Account Collection Engine software package
• Prior experience of conducting protective monitoring/security auditing on complex Windows and Linux network environments.
• ArcSight ESM – Administrator and Analyst 6.9.x Course
• Competitive remuneration package
• 25 days annual leave (excluding bank holidays)
• Flexible working hours
• Pension scheme
• Life Assurance Scheme
• Childcare voucher scheme
• Cycle to work scheme