Job Description
Threat Intelligence Analyst
Our client is a pure-play cyber security consulting firm, due to a recent M&A and continued growth they are looking for a technical and driven Threat Intelligence Analyst to join the growing team.
You will collaborate closely with the SOC analysts, ensuring clients’ security posture is enhanced. As a Threat Intelligence Analyst, you will play a pivotal role within the SOC Team.
As a Threat Intelligence Analyst, you'll become a master at crafting cutting-edge detection and response solutions, leveraging advanced technologies like Kusto Query Language (KQL), Lucene, YARA, Sigma, Azure Logic Apps, and more!
You'll lead the charge in planning and managing the development, testing, and implementation of cutting-edge rules and analytics for SIEM and SOAR platforms.
Your day-to-day will be dynamic and collaborative, working closely with SOC Operations Teams to fine-tune existing security use cases and create innovative detection content. You'll be orchestrating each release, overseeing all aspects of design, development, testing, and implementation.
Additionally, you'll be the key driver and main point of contact the revolutionary zero-trust protection product. This role includes full ownership and management, ensuring its optimal performance, implementing enhancements, handling customer requests, and serving as the primary escalation contact. Naturally our client will provide you with all training whilst on the job!
No two days are the same in the SOC, responsibilities include but not limited to:
* Lead the development, testing, and deployment of innovative and updated content across the monitored estate in collaboration with Operations teams.
* Transform playbooks from the Ops teams into effective, deployable solutions.
* Ensure existing detection content remains cutting-edge and relevant.
* Evaluate the impact of new and updated rules and analytics to inform future development.
* Oversee the implementation and maintenance of AppGuard policies.
* Review and approve essential documentation for releases or changes, including design, deployment, configuration, and administration guides.
* Expertise in SIEM/SOAR tools (Microsoft Sentinel and ELK) and other technologies, such as SOAR, Threat Intelligence, and traffic analysis tools, to detect intrusions and recommend enhancements to SOC operations.
* Analyse security data to uncover patterns and trends.
* Research emerging threats and vulnerabilities to stay ahead of the curve.
* Develop and produce Use Case Rules, turning CTI information into actionable Use Cases.
* Maintain an organized and up-to-date Use Case Library.
* Keep comprehensive documentation to support all activities.
Required skills/experience of Cyber Threat Investigator:
* Must be eligible to obtain UK Government Security Clearance
* Commercial experience working with SIEMS ideally MS Sentinel
* Experience with Microsoft Sentinel and KQL mandatory
* Experience with LogRhythm, ELK stack (Elastic Search, Logstash, Kibana) would be desirable
* Knowledge of Network Security
* Excellent communication and stakeholder management skills
* Ability to manage sensitive and confidential information
Client Key Facts:
* Exceptionally flexible regarding remote and hybrid work arrangements which means more freedom for your personal life.
* Paid on-call if and when required
* Access to industry events, fostering a stimulating technical and social environment.
* Fantastic career progression opportunities.
#J-18808-Ljbffr