Senior Security Analyst
- 99 City Rd, London, UK Full-time
- Level: Employee - Standard
Inmarsat has been at the forefront of global mobile satellite communications for over forty years, and is the market leading provider of voice and high-speed data communications for users on land, at sea and in the air through its constellation of 14 geostationary satellites. Inmarsat is a privately owned company with a profitable track record and significant growth aspirations. This is represented by more than 55 nationalities in the workforce, reflecting the global and dynamic nature of the business. With an investment of over $3 billion in its latest network infrastructure, Inmarsat is at the forefront of global mobile communications innovation.
Chief Operations Office
Inmarsat’s Chief Operations Office (COO) plays a vital role managing the services that keep our business running and delivering to our customers. COO consists of 9 functions including: Satellite Operations, Network Operations, Service Assurance, Service Delivery Aviation and Customer Assurance, Service Delivery and Supply Chain, Project Management Office, Global Cyber Security and Group IT.
Primary role purpose:
Inmarsat Group Operation (COO) manages all of Inmarsat’s communications networks, which provide data communications to various sites and systems as part of Business Infrastructure and Revenue earning systems. These networks are critical to Inmarsat’s revenue generation and have to be treated as such to provide secure, resilient and timely movement of data. The networks are being expanded as new Inmarsat offices are opened, new systems implemented, new requirements formulated, and to meet current industry standards and best practices.
As part of this network expansion we are looking for a Senior Security Analyst (Incident Handler and Vulnerability Management). The role is part of Inmarsat’s Security Operations Centre (SOC). The Security Analyst should be experienced in the areas of networking, client/server technologies, and analysing log files with the ability to identify false positive and true positive events. The Security Analyst should be able to analyse incidents and correlate them with appropriate contextual data to determine classification, prioritisation and response to incidents. This role may also be required to follow the incident response plan and assist SOC Threat Response Analysts when necessary.
The Senior Security Analyst will conduct vulnerability assessments, monitor systems, networks, databases and Web hosted services for potential system breaches. Respond to alerts from information security tools. Report, investigate and resolve security incidents. Educate and communicate security requirements and procedures to all users and new employees. Recommend changes to enhance systems security and prevent unauthorized access. Research security trends, new methods and techniques used in unauthorized access of data in order to pre-emptively eliminate the possibility of system breach. Ensure compliance with regulations and privacy laws.
- Monitor the alarm console; provide initial analysis of logs and network traffic; and make security event determinations on alarm severity, escalation, and response routing
- Provide communication and escalation throughout the incident as per Inmarsat’s Security Incident Management guidelines
- Act as the primary escalation point to other Security Analysts monitoring the Security Information and Event Management (SIEM) System & provide initial investigation of security incidents. Take an active part in the containment of incidents, even after they are escalated
- Deliver investigation and remediation activities as a member of the Security Incident Response Team. Participate in Security Incident Response Team (SIRT) events
- Coordinate with data asset owners and business response plan owners during high severity incidents and vulnerabilities
- Conduct research and assessments of security events; provide analysis of firewall, IDS, anti-virus and other network sensor produced events; present findings as input to SIRT
- Lead the Compliance/Vulnerability Assessment (VA) Scanning programme, taking ownership of the platforms and processes. Follow a documented process for routine scanning of Inmarsat infrastructure and network elements. Develop mitigation and remediation plans as a result of the vulnerability assessment findings
- Monitor threat and vulnerability news services for any relevant information that may impact installed infrastructure. Analyse reports to understand threat campaign(s) techniques, lateral movements and extract indicators of compromise (IOCs)
- Understanding of performing analysis and interpretation of information from SOC systems; incident identification/analysis, escalation procedures, and reduction of false-positives
- Create and update security event investigation notes, conduct shift change reports on open cases, and maintain case data in the Incident Response Management platform
- Continuous engagement with the Threat Intelligence and 24x7 Monitoring teams
- Provide ad-hoc on-call support to review threats and response actions for off-hour critical threat detection
- Document information security operations policies, process and procedures
Essential Knowledge and Skills:
- A University degree level education or equivalent in Information Security, Forensics, or Computer Science; related experience and/or training in the field of IT security monitoring and analysis, cyber threat analysis, and vulnerability analysis
- A Global Information Assurance Certification (GIAC) Certified Incident Handler (GCIH), GIAC Certified Intrusion Analyst (GCIA), or equivalent certification would be advantageous
- Intermediate knowledge of Information Security fundamentals, technologies, and design principles
- Understanding or proven experience in securing Windows, Linux, Oracle and VM platforms
- Understanding or proven experience of QRadar or similar Security Information and Event Management (SIEM) tools for analysing network and security incidents
- Experience in Tenable Network Security Nessus, BeyondTrust Retina or similar Vulnerability Assessment (VA) scanner operations for identifying network and platform risks and mis-configurations. Experience in Security Assessment tools/frameworks (NMAP, Nessus, Metasploit, Netcat)
- Knowledge of network security zones, firewall, IDS
- Network analysis tools like Wireshark and TCPDump
- Knowledge of log formats for syslog, http logs, DB logs and how to gather forensics for traceability back to event
- Knowledge of packet capture and analysis
- Experience in log management or security information management tools
- Foundational security training
- Foundational SIEM training
- Advanced SIEM/IDS content building training
- Ethical hacking training would be advantageous
- Willingness to learn new skills and be self-motivated
- Ability to work in a team environment, to work under pressure and show flexibility
- Excellent verbal and written communication skills in English
You must be eligible to work in the location advertised.
Our values define Inmarsat’s culture and represent what we believe in. Inmarsat employees aspire to certain behaviours which support our corporate values; they create a stronger working environment and lie at the heart of our continued success as an organisation.
- Accountability – taking ownership, getting results and keeping our promises
- Respect – collaborating, embracing diversity and valuing differences
- Excellence – creating bold solutions for our customers and putting quality at the heart of everything we do