Interim Incident Analyst x2 – Remote working
Pay rate: up to £700 per day (maximum), subject to IR35 status
- Protective Monitoring – working with the toolset to provide triage and analysis of notable cyber security events which are generated from customer environments, gathering technical information and helping to give context to alerts as they occur. Documenting findings and escalating to the Incident process where required.
- Incident Handling – Carrying out the creation and handling of incidents for customers according to established service agreements. Ensuring incidents are prioritised according to agreed frameworks, escalating where appropriate and managing these through to a satisfactory resolution.
- Major Incident Management – Participating in major incidents, either as lead or an involved party to ensure efficient resolution of major incidents and delivering appropriate communications and ticket management as per major incident processes. Participating in any resulting incident review or lessons learned sessions.
- Threat Hunting – Using available tools, logs, direct system access, etc., carry out proactive work for customers to find cyber security issues based on an initial hypothesis, helping to identify security problems and improve customers' security posture.
- Contributing to Knowledge Base – Actively contribute to the ongoing development of the shared knowledge base, documenting and improving processes.
- Analyst background (SOC experience)
- Experience working in a technical cyber security role within a SOC or Incident Response team
- Extensive knowledge of common security tools and their usage (particularly SIEM)
- Strong knowledge of Information Security & Cyber Security (Security+, CPIA/CPSA, SSCP/CISSP, GCIH)
- Experience in security content generation for common security tooling
- Ability to investigate, troubleshoot, resolve and prevent the recurrence of incidents that interfere with the normal delivery of IT services
- Analytical approach and strong problem-solving ability
- Basic knowledge of ITIL concepts and incident management
- Good written and verbal communication skills – able to present technical information to different types of stakeholders.
- Cloud technology experience (AWS and Azure, with a security focus in particular)
- Splunk Enterprise Security experience and associated certifications
- Familiarity with common cyber security frameworks (MITRE ATT&CK, Cyber Kill Chain)
- Experience of incident response engagements, whether on-premises or in cloud environments.
- Familiarity with the Atlassian productivity suite (Jira, Confluence)
Please quote the Job Title & Vacancy Reference No. in your application, or we will be unable to match your CV to the role being applied for.
“Essential Requirements” – Please check to ensure that your CV addresses the following items:
- Our clients are generally seeking applicants who are reasonably local, so on that basis we would ideally like you to supply us with your address (or at least your post code) and a telephone number so that we can reach you during working hours.
- Your recent UK working experience going back at least 5 years, or full employment history if you have been working for fewer years than this.
- Your availability to work either immediately, or at short notice.
- Qualifications and experience relevant to the job role – please give full details within your CV document.
- Additional Requirements:
  - SC security clearance.
Other preferable/desirable details to include on your CV, if applicable:
- Any local authority/public sector experience.
- Any relevant qualifications held or being studied for.