Cheltenham, England, United Kingdom
Manager of Analysis Services within Team Cymru’s Threat Intelligence team (S2). Team Cymru's mission is to save and improve lives through our data and analysis, which is used by security teams across the globe to track and disrupt malicious activities and infrastructure.
• Monitoring ArcSight SIEM for active threats, conducting analysis on the information available
• Utilising and creating custom queries, trends, reports, lists, etc. within ArcSight for extensive analysis on historical and current data
• Analysing data from a variety of log sources such as Juniper / Sourcefire IDS, including running reports
• Applying networking knowledge to analyse full-packet captures using RSA NetWitness Suite and Wireshark
• Using the NATO Malware Information Sharing Platform (MISP) to identify threats, as well as liaising and coordinating with other community members to maintain an efficient and current database
• Working closely with other analysts to maintain a consistent and verbose incident management system
• Adhering to NATO guidelines on data and information management, communicating extensively with other members of the NCIRC programme
• Working within the bounds of highly secure, air-gapped systems and environments
• Creating Python scripts for Bristol SOC utility to assist with daily tasks
• Performing in-depth analysis of network, application, and system event data in order to identify malicious behaviour
• Monitoring IPS and IDS systems for active threats, and responding to them appropriately
• Creating and deploying custom signatures (including Snort rules) and IOCs for a variety of systems
• Performing remote audits on hosts for investigation and remediation purposes
• Conducting static and dynamic malware analysis
• Utilising a large variety of analysis tools and techniques across different operating system environments
• Managing personal projects, including creating Python scripts to assist with day-to-day analysis
• Writing extensive reports on security incidents to be sent to external customers
• Actively communicating with customers, including monthly conference calls to provide advice and guidance on threat mitigation and service statuses
• Assisting with the maintenance of the ISO 27001:2005 Information Security Management System
• Conducting internal and external penetration tests on infrastructure using software such as Nessus
• Performing audits on servers, workstations and user profiles to confirm secure deployment into the network and ensure security policies and business requirements are adhered to
• Providing advice and guidance to the company on threat mitigation based on the latest security information