Cyber Security CSOC Specialist

ENEC Operations

Job Title: Cyber Security Operations Centre Monitoring and Analysis

Responsibilities And Accountabilities:

• Monitor Cyber Security events from various sources, including, but not limited to, Security Information and Event Management systems, Intrusion Detection Systems/ Intrusion Prevention Systems network monitoring tools and log files analysis, check for potential issues to ensure that potential malicious activities are mitigated or prevented.
• Triage Alerts that are triggered by the Security Information and Event Management systems before they are raised to Tier-2 analysts to ensure that that Tier-2 analysts have enough information to further investigate events.
• Investigate indicator of compromise in log management and security controls received by external and third-party advisories to ensure emerging threats are detected.

Activity: Alerts Investigation

Responsibilities And Accountabilities:

• Perform an initial investigation and correlation of events triggered in the Security Information and Event Management systems and other tools within the Cyber Security Operations Centre to identify possible security threats to the environment.
• Identify non-malicious false alerts and work with other stakeholders to exclude them from being triggered in the future.
• Asses and/or escalate the alerts raised by the tooling within in the time set by the applicable Service-Level Agreement (SLA).

Activity: Security Triage

Responsibilities And Accountabilities:

• Extract artefacts of interest from log data and examine them, recording all relevant information in a Security Incident ticket to make sure that the Tier-2 analyst has all the information to efficiently and effectively assess the potential incident.
• Escalate alerts raised by the Security Information and Event Management systems, into potential Incidents, to Tier-2 analysts for confirmation

Activity: Assets and Process Monitoring

Responsibilities And Accountabilities:

• Periodically check to ensure that the Critical Digital Assets (CDAs) and the plant operations network are properly monitored by checking the lists of CDAs against the actual assets that are sending logs to the Security Information and Event Management systems.
• Ensure that the security monitoring systems are properly functioning, and that the data shown by them is accurate by following up the events that are triggered by the system if an asset did not send applicable logs for a predefined period.

Activity:Health and Safety, Security, and Business Continuity

Responsibilities And Accountabilities:

• All individuals take personal responsibility for safety; follow company HSE policies, procedures and instructions; avoid complacency and continuously challenge existing conditions and activities in order to identify discrepancies that might result in error or in appropriate action; report any situation that could present a hazard; not intentionally or recklessly interfere with or misuse anything provided at the workplace in the interest of health, safety, welfare or protection or management of the environment.
• Follow all relevant Security policies, processes, procedures and instructions to ensure security compliance in all aspects of work, by applying them on self, others and Corporate assets.
• Follow all relevant Business Continuity and Resilience requirements for compliance with, and adherence to, policies, procedures and instructions related to the effective planning for, and response to, incidents and/or business disruptions in order to continue critical business processes and activities with minimal adverse impact.