Security Analyst Role Specification

Role Title: Security Analyst, Cyber Threat Management
Business Unit: SBS (Suncorp Business Services)
Location: Brisbane
Division: Corporate Shared Services
Pay Band: 4
Department: Cyber Security Operations
Job Family: Other
Team: Cyber Threat Management
Leader Profile: Team Member
Role Reports to (role title): Team Leader, Cyber Threat Management
Direct Reports (role titles): None
Total Employees (total number of employees reporting through to this role, if applicable): None

Purpose of the role (What the role does; how the role contributes to the team/department/division goals)

The mission of the Cyber Threat Management Team is to monitor, assess, and defend Suncorp's information systems and environments from internal and external threats. The Security Analysts within the team provide technical expertise and are responsible for the delivery of service excellence within the following areas of the team's operations:
- Security event analysis, escalation and reporting
- Security event remediation and prevention advice
- Monitoring of policy, standards and compliance
- Vulnerability scanning

The Security Analyst roles are also heavily involved in supporting the delivery of the following services:
- Threat intelligence management
- Penetration testing

Key Accountabilities (Key activities, tasks and outcomes to be achieved)

Technology Leadership:
- Monitoring and detection of threats (including malicious code) by ensuring appropriate system logs, tools, processes and reporting mechanisms are in place, as well as utilising industry threat monitoring systems.
- Responding to and preventing threats by taking immediate action, engaging with other teams/partners as required, undertaking post-incident review, and recommending preventative actions/controls.
- Monitoring the IT environment for any indicators of security policy breaches, and taking the appropriate action to resolve them.
- Ensuring that basic security hygiene practices (e.g. patching, DLP, access violations, etc.) are monitored and appropriate action taken.
- Ensuring that a defined vulnerability scanning program of scheduled assessments is undertaken. Maintaining a register of actions and risks from these assessments, and following up on the actions and risks that have been identified.
- Vendor relationship management of Managed Security Services solutions.

Operational Excellence: Enhancing and streamlining operational activities to reduce effort, minimise complexity, reduce instances of error and save money.

Service Excellence: Using Agile techniques, support the product, platform and service based teams throughout the business to deliver customer value. Help build and work within self-empowered, high-performance teams which deliver high quality value frequently.

Enabling Partners: Assisting SBS teams by co-ordinating patch governance forums to ensure desktop and server patching is undertaken to a sustainable level. Helping with continuous delivery, continuous development, and security-based DevOps (SecDevOps).

Governance: Undertake activities and tasks mindful of, and compliant with, all relevant governance, policies and procedures. Be a proactive, supportive voice of the Suncorp risk community, helping with education, awareness, and compliance.

Working Relationships (Key stakeholders, clients, customers, suppliers, providers, consultants, etc.)

Internal Relationships:
- Suncorp Business Services
- All Suncorp business groups

External Relationships:
- Strategic partners
- Managed service providers
- Technology vendors

General Services & Activities

Security Event Analysis, Escalation and Reporting
Performing 24x7 cyber security event monitoring, identification and analysis of the Suncorp Group IT environment. Ensuring that events are managed and actioned, with escalation of incidents to the appropriate teams as required.

Intrusion Detection:
- Monitor and detect intrusion events using tools and data provided by other teams and partners, and assist with incident response and prevention advice.
- Monitor for malware (i.e. viruses, worms, trojans, spyware, adware, etc.) using tools and data provided by other teams; determine infection entry points and assist with remediation and prevention advice.
- Monitor logs for anomalies.
- Monitor external activity not covered by Intrusion Prevention Systems.
- Monitor irregular internal network activity.

Data Leakage:
- Monitor for data exfiltration using tools and data provided by other teams and partners, and assist with event remediation and prevention advice.

Threat Analysis:
- Analysis of threats identified from internal and external sources.
- Statistical analysis of logs and other data sources.
- Proactively look for behaviour anomalies and investigate (i.e. hunting).
- Understand network behaviour and traffic trends.
- Track change activity for unexpected security modifications.

Security Log Management:
- Work with stakeholders to assist them in complying with security log collection, retention and monitoring requirements.

Reporting/Alerting:
- Understand the capabilities of stakeholder tools to assist with detection and alerting.
- Reporting/alert generation process improvement within a security-based DevOps framework.

Security Event Remediation and Prevention Advice
Drive technology teams to undertake security event remediation activities, ensuring that rapid turnaround occurs.

Policy, Standards and Compliance Monitoring
Monitoring the IT environment for any indicators of security policy breaches, and taking the appropriate action to resolve them. Ensuring that basic security hygiene practices (e.g. patching, DLP, access violations, etc.) are monitored and appropriate action taken. Areas covered:
- Privileged Access Compliance
- Privileged Account Management
- User behaviour monitoring
- PCI DSS Card Data Recon
- Patching Governance

Organisational Chart
Executive Manager, Cyber Security Operations
  Team Leader, Cyber Threat Management
    Security Analyst

Person Specification

Key Job Requirements

Qualifications (Indicate whether mandatory or desired)
- Current industry technical qualifications are highly desirable.
- A tertiary qualification in Information Technology is desirable.

Experience (the minimum amount of experience required to perform in the role)
- At least 5 years' hands-on IT experience.
- At least 3 years' experience in IT operations within a large organisation.
- Specialised knowledge of security-related concepts, practices and technologies.

24x7 Rostered On-call Services
Participation in a 24x7 on-call roster is mandatory.

Technical Capabilities (skills, knowledge, technical or specialist capabilities)
- Technical knowledge of enterprise-level security platforms, including: networking technologies, firewall technologies, Web Application Firewall technologies, data leakage and anti-malware technologies.
- Technical knowledge of infrastructure and application vulnerability assessment tools, and a conceptual knowledge of Secure Software Development Lifecycles and common application vulnerability classes (i.e. the OWASP Top Ten).
- Logging systems and analysis tools, including Security Information & Event Management (SIEM) and forensic tools (e.g. NetWitness, Splunk, etc.).
- Linux, Unix, Windows, mobile technologies, cloud technologies.
- Current knowledge of Internet and internal threat landscape trends, including malware and hacking tools, and a current understanding of the security research being carried out by the hacking community.
- Knowledge of, and commercial experience with, industry standard security practices.
- Able to demonstrate a solid understanding of the disciplines of change control, security, performance monitoring, ongoing administration and documentation.
- Previous experience working within an Agile environment, with an excellent understanding of Agile practices.

Skills and Abilities (Individual's capabilities, including level of proficiency)
- Ability to understand the implications of threats in terms of Suncorp's business, risk, policy, and industry best practice.
- Ability to collaborate with many different technical teams and lead security activities involving analysis, escalation, response, remediation and prevention.
- Ability to perform research into threat trends and developments, and produce management-level reports that include recommendations and prioritised actions.
- Ability to perform scripting and automation of threat management activities.
- Ability to develop operational documentation, procedures and processes, and manage their implementation across the relevant technical teams.
- Strong customer focus with a can-do attitude.
- Ability to work well in a team, as well as independently and without direct supervision.
- Ability to work well under pressure.
- Excellent verbal and written skills, with the ability to communicate effectively at all levels.

Job Family Capabilities (capabilities specific to a job family role, including levels of proficiency required)
- Business Acumen - Foundation
- Consulting - Intermediate
- Diagnostics & Analytics - Advanced
- Change Leadership - Foundation

Suncorp Leader Profile
Leader profiles describe behavioural expectations at all levels (from Team Member to Strategic Leader) across the Suncorp Group.

Clarity of Purpose:
- Knowing and contributing to Suncorp's strategy
- Driving the strategy with a sense of purpose
- Planning for success

Customer Focus:
- Knowing and delighting our customers
- Delivering great customer outcomes
- Sharing and learning from customers

Relentless Execution:
- Having clear objectives and targets linked to strategy
- Measuring, adjusting and continually improving results
- Building high-performance teams

Building Great Teams:
- Working as One Team
- Attracting, developing and growing great talent
- Sharing and learning from others

Simplicity and Agility:
- Keeping things simple while driving innovation and creativity for competitive advantage
- Continuously improving the way we work and removing blockages
- Anticipating and adapting to changing market and business challenges

Prepared by (Name & position): Mark Phillips, Team Leader, Cyber Threat Management. Date: 21/12/2015
Approved by (Name & position): Colin Cassell, Executive Manager, Cyber Security Operations. Date: 21/12/2015