Cyber Security Analyst – Tier 2
£35k + Bonus
- Bonus, Up to 10% of base salary (5% Personal, 5% Business Performance)
- Pension, Matched up to a max 10% of salary
- Holiday 25 days (plus 8 normal bank holidays)
- Staff incentives:
- My Staff shop membership
- Childcare Vouchers
- Cycle to work scheme
A global family of companies and one of the largest producers and distributors in the world, striving to be the leader of innovation within the industry, with over 7,000 employees working across 90 countries.
The Security Operations team provides a suite of operationally focused services to the wider business, allowing it to remain vigilant to the state of security and compliance within its environments. These services include security configuration changes; ongoing monitoring of centralised information management systems; investigation of and response to identified incidents; vulnerability release monitoring and tracking; and administration of global security management systems.
Reporting to the Tier 2 team leader, you will perform incident analysis by correlating data from various sources to determine whether a critical system or data set has been impacted. The role will also advise on and assist with remediation when required, and provide support for new analytic methods for detecting threats.
- Minimum of 4 years of IT with at least 3 years of information security operations or incident response experience, and familiarity with Cyber Kill Chain
- Must have at least one (1) certification in the field of information security from a respectable security organisation. Desirable certifications include, but are not limited to: GCIH, GCIA, GCFE, GREM, GCFA, GSEC, Security+, CEH, CISSP, CCNA (Security) or equivalent certifications.
Knowledge & Experience
- The ability to lead on incident research when appropriate and to mentor Tier 1 analysts.
- Experience with SIEM, IDS/IPS, Firewall, Web Application Firewalls, Data Loss Prevention (DLP) and Security Event Correlation
- Self-motivated and able to work in an independent manner.
- Excellent analytical and problem-solving skills
- Experience with technical writing
- Possess an understanding of security standards and risk management
- Monitoring and analysis of cyber security events.
- Respond to security incidents by collecting, analysing and preserving digital evidence
- Coordinating the security incident response by advising on remediation actions
- Conducting research on emerging threats to support security enhancement
- Services monitored will include, but are not limited to, SIEM, IDS/IPS, Firewall, Web Application Firewalls and Data Loss Prevention (DLP).
- Acting as the functional escalation point for incidents registered by SOC Tier 1, and as a referral point to determine any increased risks to the business.
- Recognise potential, successful and unsuccessful intrusion attempts and compromises through reviews and analyses of relevant event detail and summary information.
- Working as part of the Tier 2 team, performing deep-dive incident analysis to determine whether critical systems across the organisation have been impacted.
- Work closely with the other teams to assess risk and provide recommendations for improving our security posture.
- Working knowledge of any of the following tools is required: Splunk, Symantec Endpoint, RSA Security Analytics, NIKSUN, Wireshark, or other information security tools.
- Provides correlation and trending of cyber incident activity.
- Supports Tier 1 analysis, handling and response activity.
- Maintains situational awareness reports for advanced threats such as Advanced Persistent Threat (APT) and Focused Operations (FO) incidents.
- Development and execution of Standard Operating Procedures, Event Handlers and Job Aids required for successful task completion.
- The recording of lessons learnt and improvements to existing processes and procedures.
- Author Standard Operating Procedures (SOPs) and training documentation when needed.
For more information and a confidential chat please contact Sam Page.