Information Security Analyst - L1

Job Description

In a constantly changing world, we work together with our people, clients and communities to enable them to fulfill their potential to do great things. We believe that by bringing everyone together, we can solve problems using innovative technology that can create a world that is sustainable and secure. At NTT, we encourage you to remain continuously curious, as that is what keeps you fast, flexible and relevant. No two days will be the same but that is what will help you grow and realize your full potential.The power is in your hands to do great things. It s time to lead the change, be the authentic you, to solve difficult challenges, to set the pace of change and to unleash your potential.Want to be a part of our team This role is responsible for detecting and monitoring escalated threats and suspicious activity affecting Dimension Data s technology domain (servers, networks, appliances and all infrastructure supporting production applications for the enterprise, as well as development environments). This individual acts as the technical first responder for the Computer Security Incident Response Team (CSIRT), support the work of technical staff from various departments as well as third party technical experts.This individual in this role will use their technical competencies of systems and automated mechanisms to detect unauthorized activity on Dimension Data s information assets.Working at NTTStakeholder engagement

• Internal: Services teams, Information Security Operations
• External: TBC

Value Chain Linkage

• TBC

Skills and attributesInformation securityCommunicates information security risks and issues to business managers and others. Performs basic risk assessments for small information systems. Contributes to vulnerability assessments. Applies and maintains specific security controls as required by organisational policy and local risk assessments. Investigates suspected attacks. Responds to security breaches in line with security policy and records the incidents and action taken.Specialist adviceActively maintains knowledge in one or more identifiable specialisms. Provides detailed and specific advice regarding the application of their specialism(s) to the organisations planning and operations. Recognises and identifies the boundaries of their own specialist knowledge. Collaborates with other specialists, where appropriate, to ensure advice given is appropriate to the needs of the organisation.Configuration managementCarries out risk assessment within a defined functional or technical area of business. Uses consistent processes for identifying potential risk events, quantifying and documenting the probability of occurrence and the impact on the business. Refers to domain experts for guidance on specialised areas of risk, such as architecture and environment. Co-ordinates the development of countermeasures and contingency plans.Security administrationInvestigates minor security breaches in accordance with established procedures. Assists users in defining their access rights and privileges. Performs non-standard security administration tasks and resolves security administration issues.Problem managementInvestigates problems in systems, processes and services. Assists with the implementation of agreed remedies and preventative measures.Incident managementFollowing agreed procedures, identifies, registers and categorises incidents.Gathers information to enable incident resolution and promptly allocates incidents as appropriate.Work OutputsIncident response and monitoringThe function is to perform a variety of real-time threat analysis activities. This includes applying analytical, reasoning & specialised technical security expertise to investigate, isolate network and security incidents, identify threats, vulnerabilities, risks, and apply incident management techniques to resolve challenges.The role involves security incident handling and response from a number of vectors including End Point Protection and Enterprise Detection & response tools, attack analysis, malware analysis, network forensics, computer forensics, and a broad range of skills in LAN technologies, Windows and Linux O/S s, and general security infrastructure.Acts as the technical first responder for the Computer Security Incident Response Team (CSIRT), supporting the work of technical staff from various departments, as well as the work of third party technical experts. Regularly reviews the current configurations of Dimension Data production information systems and networks against compliance standards. Reviews and fine-tunes custom software which analyses the vast amount of log, audit trail, and other recorded activity information that modern systems record, so as to be able to immediately detect unauthorised activity, most importantly intrusion by unauthorised parties and the execution of unauthorised software.Fine-tunes the existing security monitoring systems so that false positives and false negatives are minimised, and so that both accurate and useful information is being passed to management and the CIRT. Works with Computer Performance Analysts, Computer Operators, and other technical specialists who monitor information system activities, so as to be able to best utilise the information recorded on the systems that they monitor for information security purposes. Performs post-mortem analyse with logs, network traffic flows, and other recorded information to identify intrusions by unauthorised parties, as well as unauthorised activities of authorised users which could be in support of an insurance claim, a disciplinary action, or a lawsuit.Manage security breachesThese individuals manage the prevention and resolution of security breaches and ensure that the required incident and problem management processes are initiated to ensure compliance to ISM policy. They present their findings to the business and advise on new measures required to prevent reoccurrence of similar breaches.Incident ManagementPrioritises and diagnoses incidents according to agreed procedures. Investigates causes of incidents and seeks resolution. Escalates unresolved incidents. Provides service recovery, following resolution of incidents. Documents and closes resolved incidents according to agreed procedures.Configuration ManagementMaintains secure, accurate, complete and current configuration on Configuration Items (CIs). Applies tools, techniques and processes to track, log and correct information related to CIs, ensuring protection of assets and components from unauthorised change, diversion and inappropriate use.Problem ManagementInvestigates and identifies root cause of incidents. Assists with the implementation of agreed remedies and preventative measures.Access managementEnsures that access is logged and tracked and that access is removed and/or restricted as per policy.Service reviewsEnsure that security service audit schedules are performed. They review access authorisation for compliance with policy, administration security controls for effectiveness, security on the operational systems and verify that security monitoring is working.Service improvementEnsure that continuous service improvements are documented in service designs and that the required security remediation plan is developed and reviewed.Next career steps

• Information Security Incident Response Analyst (L2)

Education required

• Relevant degree

Certifications required

• SANS GIAC Security Essentials (GSEC) or equivalent
• SANS GIAC Certified Intrusion Analyst (GCIA) or equivalent
• SANS GIAC Certified Incident Handler (GCIH) or equivalent

Work experience required

• At least 2 years experience in a Technology Information Security Industry
• End Point Protection Software
• Enterprise Detection & Response software
• Experience or knowledge of SIEM and IPS technologies
• Experience with Wireshark or tcpdump to identify normal and abnormal/malicious traffic patterns and behaviours
• Knowledge of technological advances within the information security arena
• Understanding of inter-relationships in an overall system or process
• Knowledge of information security management and policies

What will make you a good fit for the role Standard career level descriptor for job level: Seasoned and experienced professional Has full understanding of specialisation area Resolves wide range of issues in creative ways Fully qualified, career level, career journey-orientated Uses good judgement in selecting tools and methods to solve problems Networks with senior internal and external people in own area of expertise Receives little instruction on day-to-day work, receives general instructions on new assignments Typically requires demonstrable related experience with a Bachelor s or equivalent degree; or moderate level experience and a Master s or equivalent degree; or a PhD or equivalent degree without experience; or equivalent work experience,

Keyskills :
information securitysiemnetworkingmicrosoft accesscustomer relationssecurity incident responseinformation security managementroot causeaudit trailrisk assessmentsecurity policythreat analysiscustom software