Monitoring
Role overview
The role of monitoring is to collect and analyse security event data arising from activity across the organisation, tune and improve rules generating security alerts, and follow up by investigating indicators of potentially malicious activity, escalating incidents or initiating responses.
Role level
Typical role expectations
At this role level, you will:
- work within established security and risk management governance structures, usually under supervision to support, review and undertake straightforward risk management activities such as:
- help with the analysis and derivation of business-supporting security needs
- undertake cyber security related risk assessments, basic threat assessments and other risk management activities
- understand of the applicability of appropriate legislation and regulations
- provide advice to address identified cyber security related risks by applying of a variety of security capabilities, which may include using published guidance, standards or experts as appropriate
- provide straightforward advice to validate the effectiveness of risk mitigation measures, including an understanding of how to use different assurance activities (such as a pen test) and make recommendations for improvement
- help risk or service owners to make decisions that are well informed by good and clear security advice, including contributing to reports or working within established reporting chains in a security team
- support implementation of the monitoring roadmap to enhance monitoring in line with requirements, policies and standards to govern all activities and outputs
- monitor, triage and investigate security alerts on protective monitoring platforms to identify security incidents and perform analysis of security event data to support the response, reporting or escalating where appropriate
- design, develop and support automated monitoring processes, using a variety of the latest SIEM (Security Information and Event Management) and network analysis tools, techniques and procedures to detect malicious activity and ensure continuous improvement through dashboard monitoring or retrospective assessment
Typical role expectations
At this role level, you will:
- independently undertake risk management activities within a given area of practice or expertise, usually within established security and risk management governance structures
- lead the analysis and derivation of business-supporting security needs, undertake Cyber Security related risk assessments, conduct tailored threat assessment and other risk management activities, and ensure activities are consistent with applicable regulations and legislation
- provide tailored advice to a range of stakeholders on how to remedy identified risks by proportionately applying security capabilities, using published guidance, standards, and drawing on a range of experts as well as personal expertise
- provide expert security advice that highlights cyber security related risks, so risk or service owners can make well-informed and auditable decisions
Typical role expectations
At this role level, you will:
- lead and undertake risk management activities against the hardest or most novel scenarios, while applying the fundamental principles of risk management to a range of complex scenarios, and lead regulatory or legislative compliance activities
- guide and direct specialist activities of others, actively promoting development in the applicable skills, providing leadership to other risk managers, and sharing best practice widely across government, the public sector, and industry
- lead the analysis and derivation of complex security needs
- lead cyber security related risk assessments and other expert risk management activities, including providing guidance on establishing the organisation’s cyber security related governance arrangements
- provide guidance to ensure ongoing confidence that fundamental organisational security needs have been met, including integrating a range of assurance approaches and techniques to give continued confidence to the risk, service or system owner
- shape leadership decision-making through:
- effective reporting and communication regarding the effectiveness of security processes across an organisation
- providing recommendations to highly complex problems
- acting as an SME for complex cyber risk management concerns, issues and problems
Skills
| Skill | Associate | Lead | Principal |
|---|---|---|---|
| Information risk assessment and risk management | Practitioner | Practitioner | Expert |
| Applied security capability | Practitioner | Practitioner | Practitioner |
| Protective security | Working | Practitioner | Expert |
| Threat Understanding | Working | Practitioner | Practitioner |
Core learning
Entry level
CompTIA IT Fundamentals
Management of Risk (M_o_R) Foundation
Certified Security Risk Manager
Associate level
CompTIA Security+
Certified ISO 27001 Practitioner
Management of Risk (M_o_R) Practitioner
Lead level
Certified in Risk and Information Systems Control (CRISC)
CREST Registered Intrusion Analyst (CRIA)
SEC501: Advanced Security Essentials – Enterprise Defender
Principal level
FOR572: Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response
FOR508: Advanced Incident Response, Threat Hunting and Digital Forensics
Automating Administration with Windows PowerShell