This contract with our Defence client is for a Cyber Defence Analyst for 8 months in West Midlands - 5 days onsite. The Cyber Defence Analyst will join an established security team responsible for designing, delivering, and maintaining operational cybersecurity capabilities. Conducting pro-active, risk-based, protective monitoring on priority C4IS/networks to identify internal and external cyber-threats/attacks. Tasks: • Develop and integrate security event monitoring and incident management services. • Respond to security incidents as they occur as part of an incident response team. • Implement metrics and dashboards to give visibility of the Enterprise infrastructure. • Use of the SOAR platform to assist with playbook automation and case management capabilities to streamline team processes and tools. • Produce documentation to ensure the repeatability and standardisation of security operating procedures. • Develop additional investigative methods using the SOC’s software toolsets to enhance recognition opportunities for specific analysis. • Maintain a baseline of system security according to latest threat intelligence and evolving trends. • Participate in root cause analysis of incidents in conjunction with engineers across the enterprise. • Provide Subject Matter Expertise (SME) on a broad range of information security standards and best practices. • Offer strategic and tactical security guidance including valuation requirement of technical controls. • Be part of the CRM process • Liaise with the SOC engineers to maintain up-to-date dashboards of security alerts, to allow the organisation to better respond to an incident. • Document, validate and create operational processes and procedures to help develop the SOC. • Assist in identifying, prioritising, and coordinating the protection of critical cyber defence infrastructure and key resources.
Requirements
- Strong Cyber defence experience - Working in Enterprise SOC - SIEM - Understanding of different frameworks - cyber kill chain / mitre Desired Skills/Experience: • Elastic Stack proficiency. • Previous experience of Enterprise ICS/network architectures and technologies. • Experience and knowledge of SIEM solutions; having the ability to identify use cases and their creation, their deployment and tuning. • Previous experience of utilising the MITRE ATT&CK and Cyber Kill Chain frameworks. • Skilled in using virtualisation software. • Knowledge of key security frameworks (e.g. ISO, NIST 800-53). • Ability to document and report security incidents clearly and concisely. • Experience of writing Defence/Government documentation. • Creation, development and management of security alert dashboards. Desirable Qualifications: • Broad Spectrum Cyber Course (CompTIA Sec+, SANS SEC401 or SEC501 or equivalent) • SIEM Design, Architecture and Analyst Course (SANS SEC455 or SEC555 or equivalent)