Cyber Defence Analyst
Job title
Cyber Defence Analyst
Job description
Duration : until 31st March 2025
DV active
As a Cyber Defence Analyst; you will join an established security team responsible for designing, delivering, and maintaining operational cybersecurity capabilities. Conducting pro-active, risk-based, protective monitoring on priority C4IS/networks to identify internal and external cyber-threats/attacks.
Responsibilities:
- Develop and integrate security event monitoring and incident management services.
- Respond to security incidents as they occur as part of an incident response team.
- Implement metrics and dashboards to give visibility of the Enterprise infrastructure.
- Use of the SOAR platform to assist with playbook automation and case management capabilities to streamline team processes and tools.
- Produce documentation to ensure the repeatability and standardisation of security operating procedures.
- Develop additional investigative methods using the SOC’s software toolsets to enhance recognition opportunities for specific analysis.
- Maintain a baseline of system security according to latest threat intelligence and evolving trends.
- Participate in root cause analysis of incidents in conjunction with engineers across the enterprise.
- Provide Subject Matter Expertise (SME) on a broad range of information security standards and best practices.
- Offer strategic and tactical security guidance including valuation requirement of technical controls.
- Be part of the CRM process
- Liaise with the SOC engineers to maintain up-to-date dashboards of security alerts, to allow the organisation to better respond to an incident.
- Document, validate and create operational processes and procedures to help develop the SOC.
- Assist in identifying, prioritising, and coordinating the protection of critical cyber defence infrastructure and key resources.
Skills/Experience:
- Elastic Stack proficiency.
- Previous experience of Enterprise ICS/network architectures and technologies.
- Experience and knowledge of SIEM solutions; having the ability to identify use cases and their creation, their deployment and tuning.
- Previous experience of utilising the MITRE ATT&CK and Cyber Kill Chain frameworks.
- Skilled in using virtualisation software.
- Knowledge of key security frameworks (e.g. ISO, NIST 800-53).
- Ability to document and report security incidents clearly and concisely.
- Experience of writing Defence/Government documentation.
- Creation, development and management of security alert dashboards.
Desirable Qualifications:
- Broad Spectrum Cyber Course (CompTIA Sec+, SANS SEC401 or SEC501 or equivalent)
- SIEM Design, Architecture and Analyst Course (SANS SEC455 or SEC555 or equivalent)
If you feel you have the skills and experience needed for this role; please do apply now.