Monitoring Principal

Role Summary

The role of Monitoring is to collect and analyse security event data arising from activity across the organisation, tune and improve rules generating security alerts, and follow up by investigating indicators of potentially malicious activity, escalating incidents or initiating responses.

Role expectations

Lead wider implementation of a monitoring strategy, ensuring roadmaps are achieved as expected, ensuring requirements, policies and standards to govern all activities and outputs are met.

Lead monitoring, triaging, and investigation of security alerts on protective monitoring platforms to identify security incidents.

Review high-priority or high-complexity analysis of security event data to manage security incident response, making key decisions on reporting or escalations for monitoring.

Lead large, cross-functional monitoring teams in the design, development and enablement of automated monitoring processes, advising on the latest SIEM (Security Information and Event Management) and network analysis tools, techniques and procedures to detect malicious activity, while communicating directly with leadership on the progress and status of monitoring.

Entry Route

Internal

Suitable for an individual from the Government Security Profession, Digital, Data and Technology Profession, or Analytics Profession

External

Suitable for an individual who has worked as a Cyber Security intelligence analyst, monitoring specialist and/or response specialist, or in big data or data science, artificial intelligence or machine learning, or digital forensics, in the private sector

Learning pathway

Core

CompTIA IT Fundamentals

• MGT514: Security Strategic Planning, Policy and Leadership
  

NIST Cyber Security Professional (NCSP) Foundation Certificate

• MGT512: Security Leadership Essentials for Managers