Security Analyst
Role Specification
Role Title: Security Analyst – Cyber Threat Management
Business Unit: SBS (Suncorp Business Services)
Location: Brisbane
Division: Corporate Shared Services
Pay Band: 4
Department: Cyber Security Operations
Job Family: Other
Team: Cyber Threat Management
Leader Profile: Team Member
Role Reports to (role title): Team Leader, Cyber Threat Management
Direct Reports (role titles): None
Total Employees (total number of employees reporting through to this role, if applicable): None
Purpose of the role (What the role does; how the role contributes to the team/department/division goals)
The mission of the Cyber Threat Management Team is to monitor, assess, and defend Suncorp’s information systems and environments from internal and external threats.
The Security Analysts within the team provide technical expertise and are responsible for the delivery of service excellence within the following areas of the team’s operations:
• Security event analysis, escalation and reporting
• Security event remediation and prevention advice
• Monitoring of policy, standards and compliance
• Vulnerability scanning
The Security Analyst roles are also heavily involved in supporting the delivery of the following services:
• Threat intelligence management
• Penetration testing
Key Accountabilities (Key activities, tasks and outcomes to be achieved)
• Technology Leadership:
• Monitoring and detection of threats (including malicious code) by ensuring appropriate system logs, tools, processes and reporting mechanisms are in place, as well as utilising industry threat monitoring systems.
• Response and prevention of threats by taking immediate action, engaging with other teams/partners as required, undertaking post incident review, and recommending preventative actions/controls.
• Monitoring the IT environment for any indicators of security policy breaches, and taking the appropriate action to resolve. Ensuring that basic security hygiene practices (e.g. patching, DLP, access violation, etc.) are monitored and appropriate action taken.
• Ensuring a defined vulnerability scanning program of scheduled assessments is undertaken. Maintain a register of actions and risks from these assessments, and follow up on actions and risks that have been identified.
• Vendor relationship management of Managed Security Services solutions.
• Operational Excellence: Enhancing and streamlining operational activities to reduce effort, minimise complexity, reduce instances of error and save money.
• Service Excellence: Using Agile techniques, support the product, platform and service based teams throughout the business to deliver customer value. To help build and work within self-empowered high performance teams which will deliver high quality value frequently.
• Enabling Partners: Assisting SBS teams by co-ordinating patch governance forums to ensure desktop and server patching is undertaken to a sustainable level. Helping with continuous delivery, continuous development and security-based DevOps (SecDevOps).
• Governance: Undertake activities and tasks, mindful and compliant with all relevant governance, policies and procedures. Be a proactive supportive voice of the Suncorp risk community, helping with education, awareness, and compliance.
Working Relationships (Key stakeholders, clients, customers, suppliers, providers, consultants, etc.)
Internal Relationships
• Suncorp Business Services
• All Suncorp business groups
External Relationships
• Strategic partners
• Managed service providers
• Technology vendors
General Services & Activities
• Security Event Analysis, Escalation and Reporting
Performing 24x7 cyber security event monitoring, identification and analysis of the Suncorp Group IT environment. Ensuring that events are managed and actioned, with escalation of incidents to the appropriate teams as required.
Intrusion Detection:
o Monitor and detect intrusion events using tools and data provided by other teams & partners and assist with incident response and prevention advice
o Monitor for malware (e.g. viruses, worms, trojans, spyware, adware, etc.) using tools and data provided by other teams, determine infection entry points and assist with remediation and prevention advice
o Monitor logs for anomalies
o Monitor external activity not covered by Intrusion Prevention Systems
o Monitor irregular internal network activity
Data Leakage:
o Monitor for data exfiltration using tools and data provided by other teams & partners and assist with event remediation and prevention advice
Threat Analysis:
o Analysis of threats identified from internal and external sources
o Statistical analysis of logs and other data sources
o Proactively look for behaviour anomalies and investigate (i.e. hunting)
o Understand network behaviour and traffic trends
o Track change activity for unexpected security modifications
Security Log Management:
o Work with Stakeholders to assist them in complying with security log collection, retention and monitoring requirements
Reporting/Alerting:
o Understand capabilities of Stakeholder tools to assist with detection and alerting
• Security Event Remediation and Prevention Advice
Drive technology teams to undertake security event remediation activities, ensuring that rapid turnaround occurs.
• Policy, Standards and Compliance Monitoring
Monitoring the IT environment for any indicators of security policy breaches, and taking the appropriate action to resolve. Ensuring that basic security hygiene practices (e.g. patching, DLP, access violation, etc) are monitored and appropriate action taken.
o Privileged Access Compliance
o Privileged Account Management
o User behaviour monitoring
o PCI DSS Card Data Recon
o Patching Governance
Organisational Chart: Security Analyst reports to Team Leader, Cyber Threat Management, who reports to Executive Manager, Cyber Security Operations.
Person Specification
Key Job Requirements
Qualifications (Indicate whether mandatory or desired)
• Current industry technical qualifications are highly desirable
• Tertiary Qualification in Information Technology is desirable
Experience (the minimum amount of experience required to perform in the role)
• At least 5 years hands-on IT experience.
• At least 3 years' experience in IT operations within a large organisation.
• Specialised knowledge of security-related concepts, practices and technologies.
24x7 Rostered On-call Services
• Participation in a 24x7 on-call roster is mandatory
Technical Capabilities (skills, knowledge, technical or specialist capabilities)
• Technical knowledge of enterprise level security platforms, including: Networking technologies, Firewall technologies, Web Application Firewall technologies, data leakage and anti-malware technologies.
• Technical knowledge of infrastructure and application vulnerability assessment tools and a conceptual knowledge of Secure Software Development Lifecycles and common application vulnerability classes (e.g. the OWASP Top Ten).
• Logging systems and analysis tools, including Security Information & Event Management (SIEM) and forensic tools (e.g. NetWitness, Splunk, etc.).
• Linux, Unix, Windows, mobile technologies, cloud technologies.
• Current knowledge of the Internet and internal threat landscape trends, including malware, hacking tools and a current understanding of the “security research” being carried out by the hacking community.
• Knowledge and commercial experience with industry standard security practices.
• Be able to demonstrate a solid understanding of disciplines in change control, security, performance monitoring, on-going administration and documentation.
• Previous experience working within an Agile environment, with an excellent understanding of the Agile practices.
Skills and Abilities (Individual's capabilities, include level of proficiency)
• Ability to understand the implications of threats in terms of Suncorp’s business, risk, policy, and industry best practice.
• Ability to collaborate with many different technical teams and lead security activities involving analysis, escalation, response, remediation and prevention.
• Ability to perform research into threat trends and developments, and produce management level reports that include recommendations and prioritised actions.
• Ability to perform scripting and automation of threat management activities.
• Ability to develop operational documentation, procedures and processes and manage the implementation of these across the relevant technical teams.
• Strong customer focus with a ‘can-do’ attitude.
• Ability to work well in a team, as well as independently and without direct supervision.
• Ability to work well under pressure.
• Excellent verbal and written skills, with the ability to communicate effectively at all levels.
Job Family Capabilities (capabilities specific to a job family role including levels of proficiency required)
• Business Acumen - Foundation
• Consulting - Intermediate
• Diagnostics & Analytics - Advanced
• Change Leadership - Foundation
Suncorp Leader Profile
Leader profiles describe behavioural expectations at all levels (from Team Member to Strategic Leader) across the Suncorp Group.
Clarity of Purpose
• Knowing and contributing to Suncorp’s strategy
• Driving the strategy with a sense of purpose
• Planning for success
Customer Focus
• Knowing and delighting our customers
• Delivering great customer outcomes
Relentless Execution
• Having clear objectives and targets linked to strategy
• Measuring, adjusting and continually improving results
• Building high performance teams
Building Great Teams
• Working as One Team
• Attracting, developing and growing great talent
• Sharing and learning from others
Simplicity and Agility
• Keeping things simple while driving innovation and creativity for competitive advantage
• Continuously improving the way we work and removing blockages
• Anticipating and adapting to changing market and business challenges
Prepared by:
(Name & position)
Mark Phillips
Team Leader, Cyber Threat Management
Date: 21/12/2015
Approved by:
(Name & position)
Colin Cassell
Executive Manager, Cyber Security Operations