Cyber Response Analyst
About the Company
The company is a diversified international food, ingredients and retail group operating in 50 countries. Whilst some companies claim to be ‘the best thing since sliced bread’, this company actually is! In the 1930s it introduced sliced bread to the UK for the first time.
The Security Operations team provides a suite of operationally focused services to The Shared Service Centre businesses, allowing them to remain vigilant to the state of security and compliance within their environments. These services include security configuration changes; ongoing monitoring of centralised information management systems; investigation and response to identified incidents; vulnerability release monitoring and tracking; and administration of global security management systems.
Reporting to the Cyber Response team leader, the Cyber Response Analyst will perform incident analysis by correlating data from various sources and determining whether a critical system or data set has been impacted. The role will also advise on and assist with remediation when required, and provide support for new analytic methods for detecting threats.
From time to time the role will also require the analyst to take a proactive role in managing, coordinating and supporting incidents across The Shared Service Centre and the wider enterprise, and to provide regular updates to the Cyber Response team leader and the management team on the status of the cyber incident.
- Monitoring and analysis of cyber security events and cyber threat intelligence.
- Services monitored will include, but are not limited to, SIEM, IDS/IPS, Firewall, Web Application Firewalls, Threat Intelligence Feeds and Vulnerability Analysis toolsets.
- Act as the functional escalation point for incidents registered by SOC Cyber Defence, and as a referral point to determine any increased risks to the business.
- Responsible for managing and coordinating incident handling and response activities between the Security Operations Centre, the Shared Service Centre and the wider enterprise.
- Respond to IT security incidents by collecting, analysing and preserving digital evidence, and ensure that incidents are handled and recorded in accordance with Security Operations requirements.
- Development and execution of Standard Operating Procedures, Event Handlers and Job Aids/Playbooks required for successful task completion.
- Recognise potential, successful and unsuccessful intrusion attempts and compromises through reviews and analyses of relevant event detail and summary information.
- Work closely with the other teams to assess risk and provide recommendations for improving our security posture.
- Working knowledge of any of the following tools is required: Splunk, Symantec Endpoint, RSA Security Analytics, StealthWatch, Check Point, Wireshark, or other information security tools.
- Provides correlation and trending of cyber incident activity.
- Supports Cyber Defence analysis during and after an incident.
- Maintains situational awareness reports for advanced threats such as Advanced Persistent Threat (APT) and Focused Operations (FO) incidents.
- Author Standard Operating Procedures (SOPs) and training documentation when needed.
- Minimum of 4 years of IT experience, with at least 3 years of information security operations or incident response experience, and familiarity with the Cyber Kill Chain.
- Must have at least one (1) certification in the field of information security from a respectable security organisation. Desirable certifications include, but are not limited to: GCIH, GCIA, GCFE, GREM, GCFA, GSEC, Security+, CEH, CISSP, CCNA (Security) or equivalent certifications.
- Has experience of collecting, analysing and reporting meaningful cyber threat intelligence.
Knowledge & Experience
- Experience with SIEM, IDS/IPS, Firewall, Web Application Firewalls, Data Loss Prevention (DLP) and Security Event Correlation
- The ability to take the lead on incident research when appropriate and to mentor other members of the security operations team
- Experience of handling and managing security incidents from start to finish
- Experience of working with vulnerability toolsets, e.g. Qualys, to identify and prioritise vulnerabilities
- Self-motivated and able to work in an independent manner
- Excellent analytical and problem-solving skills
- Experience with technical writing
- Possess an understanding of security standards and risk management
- Have excellent written and verbal communication skills
- Possess the ability to adjust and adapt to changing priorities in a dynamic environment
- Able to multi-task and be pro-active in addressing issues and requests
- Possess technical acumen and the ability to understand and interpret technical specifications
- Excellent written and oral communication skills.
- Excellent interpersonal skills.
- Ability to conduct and direct research into IT issues and products as required.
- Ability to present ideas in business-friendly and user-friendly language.
- Highly self-motivated and directed.
- Keen attention to detail.
- Proven analytical, evaluative, and problem-solving abilities.
- Ability to effectively prioritize and execute tasks in a high-pressure environment.
- Exceptional customer service orientation.
- Extensive experience working in a team-oriented, collaborative environment.
- The ability to work shifts.
If you are interested in hearing more about this opportunity or would like to apply then please contact Jonny Duggan on 01908 886 038 or email firstname.lastname@example.org.