Cyber Intrusion Analyst

About the course

Role Profile

The primary role of a Cyber Intrusion Analyst is to detect breaches in network security and escalate them to incident response or another designated function. An Intrusion Analyst will typically use a range of automated tools to monitor networks in real time and will understand and interpret the alerts those tools generate. This includes integrating and correlating information from a variety of sources and in different forms and, where necessary, seeking additional information to inform the Analyst's judgement on whether or not an alert represents a security breach. When an Analyst has decided that a security breach has been detected, he or she will escalate to an incident response team, or take other designated action, providing both notification of the breach and the evidence and reasoning that support the judgement that a breach has occurred. An Analyst will typically work as part of a team (or may lead a team) and will interact with external stakeholders, including customers and third-party sources of threat and vulnerability intelligence and advice.

Typical Job Roles:

Secure Operations Centre (SOC) Analyst, Intrusion Analyst, Network Intrusion Analyst, Incident Response Centre (IRC) Analyst, Network Operations Centre (NOC) Security Analyst

Entry Requirements

Individual employers will set the selection criteria, but this is likely to include A Levels, a level 3 apprenticeship or other relevant qualification, relevant experience and/or an aptitude test with a focus on functional maths.

Technical Competencies

  • Integrates and correlates information from various sources (including log files from different sources, network monitoring tools, Security Information and Event Management (SIEM) tools, access control systems and physical security systems) and compares it to known threat and vulnerability data to form an evidence-based, reasoned judgement on whether the anomaly represents a network security breach.

  • Recognises anomalies in observed network data structures (including by inspection of network packet data structures) and network behaviours (including by inspection of protocol behaviours), by inspection of log files, and by investigation of alerts raised by automated tools including SIEM tools.

  • Accurately, impartially and concisely records and reports the appropriate information, including the ability to write reports (within a structure or template provided).

  • Recognises and identifies all the main normal features of log files generated by typical network appliances, including servers, virtual servers, firewalls and routers.

  • Recognises and identifies all the main features of a normally operating network layer (including TCP/IP, transport and session control or ISO OSI layers 2-5), including data structures and protocol behaviour, as presented by network analysis and visualisation tools.

  • Uses, and performs basic configuration of, the required automated tools, including network monitoring and analysis tools, SIEM tools, correlation tools, and threat and vulnerability databases.

  • Undertakes root cause analysis of events and makes recommendations to reduce false positives and false negatives.

  • Interprets and follows alerts and advisories supplied by sources of threat and vulnerability information (including OWASP, CISP and open-source feeds) and relates these to normal and observed network behaviour.

  • Undertakes own research to find information on threats and vulnerabilities (including using the internet).

  • Manages local response to non-major incidents in accordance with a defined procedure.

  • Interacts and communicates effectively with the incident response team/process and/or customer incident response team/process for incidents.

  • Operates according to service level agreements or employer defined performance targets.

Start date: No fixed date
Location / delivery: Plymouth
