Job expired

This job has now expired and is not accepting new applications.

Job Description

Lead Cyber Security Operations Analyst

Location

Salary

£70000 - £85000 per annum

Contract

Our client are seeking a Cyber Security Operations Analyst with strong cyber analytical skills and Splunk experience to join their team.

This is a hybrid position with 2 days a week expected in the London office.

Responsibilities:

  • Responsible for the management of security events, including triaging, escalation, response and post incident review.
  • Maturing incident triaging methods and developing controls to detect and prevent attackers from executing their objectives.
  • Maintaining a good understanding of the regulatory requirements of performing monitoring and incident response functions globally.
  • Maintaining a functional understanding of the latest approaches used in detecting attacker techniques.
  • Act as an authority in analysis approaches and techniques used in Malware analysis, Digital forensics and Countermeasure development.
  • Authorise control deployment or containment and eradication actions or strategies.
  • Understand and act on intelligence provided by other teams and external sources.
  • Provide support to other security investigational functions as required.
  • Provide general advice and guidance on Information Security related matters.
  • Available for 'out of hours' support and investigation for security incident escalation.

Skills/Experience

  • Splunk (essential)
  • Microsoft Defender (desirable)
  • Experience of working in the Cloud and exposure to Cyber operations.
  • Experience and detailed technical knowledge within all the phases of incident response.
  • Experience presenting to executive and technical audiences both internally and at industry events.
  • Incident Response technology stack.
  • Cyber Kill Chain, Intelligence Driven Defence and Security architectures.
  • Red, Blue and Purple team operations and management
  • Incident Response procedures, with technical ability to 'take control, and co-ordinate' major security incidents
  • Security monitoring, incident response and mitigation, web application security, threat research or intelligence analysis
  • Attack surface reduction, using intelligence to increase controls before a threat manifests

Knowledge & Qualifications:

Certification in at least one of the following would be desirable:

  • GIAC Certified Incident Handler
  • GIAC Certified Intrusion Analyst
  • GIAC Reverse Engineering Malware
  • Comprehensive knowledge and application of Cyber Kill Chain and MITRE ATT&CK mapping of incidents and controls
  • Intelligence Driven Defence
  • Attack detection development and tuning
  • Cyber threat hunting, anomaly detection and control deployment automation.
  • Ability to identify operational risks and issues in a real time environment, and take proportionate and appropriate actions.
  • Report writing based on complex data with accuracy, brevity, and speed

Disclaimer:

This vacancy is being advertised by either Advanced Resource Managers Limited, Advanced Resource Managers IT Limited or Advanced Resource Managers Engineering Limited ("ARM"). ARM is a specialist talent acquisition and management consultancy. We provide technical contingency recruitment and a portfolio of more complex resource solutions. Our specialist recruitment divisions cover the entire technical arena, including some of the most economically and strategically important industries in the UK and the world today. We will never send your CV without your permission.

Job reference 118713_1680265431
Date posted 31 March 2023
Sector

Ryan Townsend

Account Delivery Manager

+442392 458153
