Job Description
217828 - Senior Analyst - Cyber Security
Cambridge (hybrid – open to discussion)
Purpose of the position:
The focus of this technical role is on threat prevention, detection and response for the group of companies, including the configuration and monitoring of a security information and event management (SIEM) system, operating next generation antivirus, intrusion detection/prevention systems (IDS/IPS), vulnerability management tools and Firewall, DLP, Web and Email Security Gateways.
This is a senior role, where the holder will also be expected to evolve and expand the use of current security toolsets, help identify and implement additional tools, services, process changes, policy decisions and close compliance gaps, to enhance the protection and detection capabilities as risks evolve over time.
Responsibilities:
• Managing set checklists
• Problem management through to handover or resolution
• Threat identification and classification
• Incident response lead
• Report writing
• Effective communication
• Stakeholder management
• Continuous improvement
• Junior SOC staff mentoring
Tasks:
• Helping to maintain and monitor the effectiveness of security measures and controls
• Conduct and help coordinate, routine security event monitoring and investigations using available tools
• Use, configure and develop the use of a security information and event management (SIEM) and EDR tool
• Monitor and configure network intrusion detection and prevention systems
• Analyse and create reports for security incidents, to determine root cause and lessons learnt
• Create and rehearse Incident Response plans, support audits and red team engagements
• Work closely with other Cyber Security/IT team members and external support groups
• Routinely communicate with individuals both inside and outside the business
• Responding to, own and close/escalate service tickets
• Take ownership as required, of project activities assigned from internal or external projects
• Configuring, reviewing and reporting relevant risks using vulnerability testing tools/services
• Input into the risk management process and help prioritise key mitigation strategies
• Confidently work with outside services in the event of incident response or routine investigations, including Red/Blue Team engagements
• Support decision making
• Aid in the delivery of security awareness training to the business
• Mentor junior cyber security analyst/s
• On occasion, be able to cover Cyber Security Manager operational responsibilities
Behavioural Competencies:
• Overcome obstacles
• Ensure self and team are aware of own risks
• Recognise similarities in patterns or data
• Develop yourself
• Demonstrate Integrity
• Prioritise and solve complex problems
• Be innovative
• Can identify own strengths and development areas. Communicates effectively
• Regularly coach and mentor team members
• Invite feedback and give balanced, regular feedback on tasks
• Effective under pressure
Technical Competencies:
• Deep hands-on skills with Windows and ideally Linux operating systems, also networking and bespoke device types
• Very good awareness of computer networking protocols in relation to cyber security
• Administration, configuration and use of a Security Information and Event Management (SIEM) system, including creating alerts, reports, dashboards, handling IOCs and Threat Feeds
• Administration of Firewalls, Web Proxies, Web Application Firewalls, Email Security and Endpoint Detection-Response software
• Technical understanding of common cyber security threats, faced by individuals or organisations, as well as mapping threats to frameworks such as MITRE ATT&CK
• Extensive and detailed knowledge of how software/hardware vulnerabilities can be exploited
• Ability to prioritise risks in terms of potential likelihood, impact, consequences and mitigations
Education:
• Desirable - Certifications offered by vendors, including Microsoft, Cisco etc
• Desirable – BSc/MSc or equivalent level in Computer Science or Information Technology
• Desirable – Malware Analysis or Cyber Incident Response/Handler qualifications
• Desirable – Certified Information Systems Security Professional (CISSP)
• Essential - Any Cyber Security related qualifications
Experience:
• Experience working in a Security Operations Centre or similar role
• Detailed exposure to Applications, Networks, Servers and/or Endpoint devices
• Working with large amounts of data, for analysis, reporting or general IT services
• Experience documenting, developing and expanding on existing operational cyber security processes and playbooks
• Exposure to and experience of recovering from cyber security incidents
• Experience working in or for a highly regulated industry, with data classifications and compliance frameworks
• Practical hands on experience knowledge of vulnerability scanning and pen testing type tools
• Experience doing gap analysis, threat modelling and managing/mapping TTPs
• Collating and presenting information to others inside and outside IT or Security Teams
• Compiling risk assessments, technical, security or otherwise, including lessons learnt
Additional local needs
• Be available to attend site at short notice should there be a major cyber incident which requires onsite investigation, coordination or response.