Monitoring Lead
Role Summary
The role of Monitoring is to collect and analyse security event data arising from activity across the organisation, tune and improve rules generating security alerts, and follow up by investigating indicators of potentially malicious activity, escalating incidents or initiating responses.
Role expectations
Manage the implementation of the monitoring roadmap.
Support the shaping of the monitoring strategy, ensuring requirements, policies and standards to govern all activities and outputs are met.
Manage the monitoring, triaging and investigation of security alerts on protective monitoring platforms to identify security incidents, and review analysis of security event data to manage security incident response, reporting or escalation where appropriate.
Lead small monitoring teams in the design, development and enablement of automated monitoring processes, recommending and implementing the latest SIEM (Security Information and Event Management) and network analysis tools, techniques and procedures to:
- detect malicious activity
- ensure continuous improvement through dashboard monitoring or retrospective assessment
Entry Route
Internal
Suitable for an individual from the Government Security Profession, Digital, Data and Technology Profession, or Analytics Profession
External
Suitable for an individual who has worked as a Cyber Security intelligence analyst, monitoring specialist and/or response specialist, or in big data or data science, artificial intelligence or machine learning, or digital forensics, in the private sector
Skills
- Intrusion detection and analysis: Practitioner
- Threat intelligence and threat assessment: Practitioner
- Threat understanding: Practitioner
- Cyber Security operations: Working
- Secure operations management: Working
- Protective security: Awareness
- Forensics: Awareness
- Information risk assessment and risk management: Awareness
Learning pathway
Core
- CompTIA IT Fundamentals
- Certified in Risk and Information Systems Control (CRISC)
- Foundation Certificate in Cyber Security
- CREST Registered Intrusion Analyst (CRIA)
- CREST Practitioner Intrusion Analyst (CPIA)
- SEC501: Advanced Security Essentials – Enterprise Defender
- Network Security Foundation
- GIAC Certified Enterprise Defender (GCED)