Lead Cyber Defence Analyst
As a seasoned lead analyst you will help the wider analyst team perform alert monitoring, incident response, investigation and research on existing and emerging cyber threats. The position focuses on leveraging your understanding of the tactics, techniques, and procedures employed by advanced threats combined with intelligence from multiple sources to respond to a range of different and complex incidents.
The Position:
We are currently supporting a cutting-edge organization, and you will be responsible for the following:
- Delivering an enterprise-level service in which you identify attacks, intrusions, and unusual or illegal activity and act in line with an incident management or response plan.
- Acting as a leader within a SOC environment, developing non-senior members of the team and challenging existing approaches with a view to delivering greater efficiency.
- Working in a close-knit team but with an ability to take the initiative to deliver innovative approaches.
- Owning and authoring SOC playbooks, ensuring they are followed and regularly reviewed to identify better ways of working.
- Reviewing new technologies, working on proof of concepts and helping to decide the future technology stack of a SOC.
- Utilising a range of intelligence sources to hunt for threats across an infrastructure, taking the lead in threat hunting and training junior members of the team to help them develop into seasoned Cyber Defence Analysts.
- Identifying opportunities to automate response to alarms, helping to drive maximum efficiency in a SOC to ensure time and resource availability to identify the true threats.
- Staying up to date with current security trends, attack approaches, campaigns and APT groups with a view to utilizing that knowledge while identifying threats to the business.
We are looking for team members with an exceptional track-record of delivering security to a range of business types and sizes. You'll bring the following:
- Expert knowledge and hands-on management of SIEM/SOAR tools, including the ability to analyse business practices, derive security use-cases and build alarm rules to cater to them.
- Strong knowledge of cyber threat hunting, advanced attack vectors and using cyber intelligence to proactively discover threat behavior.
- Strong knowledge in network and host-based security as a minimum as well as experience in web application security and client-server application security.
- Strong knowledge of approaches to exploiting Windows, Mac OS and Linux operating systems.
- Significant experience of utilizing a range of SOC technologies such as Endpoint Detection and Response tools (for example Carbon Black, Crowdstrike, Cybereason), Email Security Gateway (for example Symantec Email Security, Cisco Ironport), Web Security Proxy (for example Zscaler, Websense, Barracuda).
- Expert knowledge of a range of log types and headers with particular focus on email headers, IIS logs, AD logs etc.
- Practical knowledge of industry standard frameworks such as ISO 2700x, NIST, ITIL, etc.