- Accountable for the definition and development of security tools that operate and are monitored within the Security Operations Centre (SOC) to identify and detect security threats, coordinating an effective response and recovery.
- Working with partners the Cyber Security Operations Analyst is accountable for coordinating an effective response and rapid recovery to detected security incidents and threats, minimising security incidents and potential impact, allowing the business to maintain availability.
- Accountable for effective governance that ensures policies and standards, based on recognised best practice frameworks, enable the delivery of best-in-class security operations.
- Incident Response - Lead or support the technical response to cyber security incidents in collaboration with partners and stakeholders
- Contribute to the development and improvement of security tools, technologies, and services used by the Security Operations Centre and our partners to protect the client.
- Work closely with the Security Operations Centre to provide operational support and improve and mature use cases and playbooks.
- Assess threat intelligence and where necessary coordinate with partners to ensure appropriate remediation or mitigation activities are carried out
- Conduct reactive and proactive threat hunting, and contribute to the development of an intelligence-led framework, to protect the client against emerging and known threats
- Contribute to post-incident reviews to identify lessons learnt, considering people, process and tools, and to identify improvements and control enhancements to better detect, protect against, respond to and recover from a future cyber security incident
- Coordinate with partners to ensure vulnerability scanning and assessments are carried out and reported, and that appropriate remediation or mitigation activities follow
- Proactively monitor the various security tools and technologies in use
- Participate in and contribute to cyber incident response exercises
- Must have experience working in cyber security operations
- Must have practical experience of working in a security incident response team and leading the technical response to cyber security incidents
- Must have experience working with cyber security tools and technologies, including endpoint security, email security, network security, SIEM, SOAR, vulnerability scanning and IDS/IPS
Cyber Security Operations Analyst
* Must have strong working knowledge and understanding of vulnerability management, threat intelligence and threat hunting
* Experience of working at pace within a complex operational environment
* Security qualifications such as Security+, CEH, GSEC or CISSP are desirable
* Understanding of cyber security standards and frameworks such as ISO 27001, NIST, SANS and OWASP
* Up-to-date knowledge of current exploits, vulnerabilities, threats, and security analysis techniques
* Knowledge of TCP/IP, network protocols, the OSI model, routing and switching, and packet analysis tools
* Understanding of various operating systems, including Windows and Unix
* Experience of conducting forensic investigation and analysis using a range of toolsets
* Working knowledge of one or more SIEM solutions
* Experience of improving the maturity level of security controls in line with industry best practice and standards
Project People is acting as an Employment Agency in relation to this vacancy.