Cyber Defence Analyst

DV cleared (SC will be considered if DV application ongoing) full-time role based at customer Site (no work can be done off-site)

The Authority’s environment Cyber Defence Analyst will join a rapidly growing security team responsible for designing, delivering and maintaining operational cybersecurity capabilities. Conducting pro-active, risk-based, protective monitoring on priority C4IS/networks in order to identify internal and external cyber-threats/attacks. This position involves a broad range of skills, including the development and mentoring of the Level 2 Analyst, monitoring networks to actively remediate unauthorised activities. 

Tasks: 
•    Develop and integrate security event monitoring and incident management services.
•    Respond to security incidents as they occur as part of an incident response team.
•    Implement metrics and dashboards to give visibility of the Enterprise infrastructure.
•    Assist with the leadership of a composite cyber response team during incidents and investigations
•    Use of the SOAR platform to assist with playbook automation and case management capabilities to streamline team processes and tools.
•    Produce documentation to ensure the repeatability and standardisation of security operating procedures.
•    Develop additional investigative methods using the Authority’s environment’s software toolsets to enhance recognition opportunities for specific analysis.
•    Maintain a baseline of system security according to latest threat intelligence and evolving trends. 
•    Participate in root cause analysis of incidents in conjunction with analysts and engineers across the enterprise.
•    Provide Subject Matter Expertise (SME) on a broad range of information security standards and best practices.
•    Offer strategic and tactical security guidance including valuation requirement of technical controls.
•    Be part of the CRM process
•    Liaise with the Authority’s environment’s Level 3 engineers to maintain up-to-date dashboards of security alerts, to allow the Authority to better respond to an incident.
•    Document, validate and create operational processes and procedures to help develop the Authority’s environment.
•    Assist in identifying, prioritising, and coordinating the protection of critical cyber defence infrastructure and key resources.
•    Build, install, configure, and test dedicated cyber defence hardware.
•    Support Level 1 Analysts to manage Authority’s environment’s systems.

Skills/Experience:
•    Previous experience of Enterprise ICS/network architectures and technologies
•    Experience and knowledge of SIEM solutions; having the ability to identify use cases and their creation, their deployment and tuning. 
•    Experience as a mentor/coach to junior analysts
•    Previous experience of utilising the MITRE ATT&CK and Cyber Kill Chain frameworks
•    Skilled in maintaining Microsoft directory services.
•    Skilled in using virtualisation software.
•    Knowledge of key security frameworks (e.g. ISO, NIST 800-53)
•    Excellent communication skills
•    Experience of writing Defence/Government documentation

Desirable:
•    Broad Spectrum Cyber Course (SANS SEC401 or SEC501 or equivalent)
•    Experience of managing cyber incidents and investigations
•    SIEM Design, Architecture and Analyst Course (SANS SEC455 or SEC555 or equivalent)
•    Advanced Analyst Course (SANS SEC503 or equivalent)