Cyber Defence Analyst

Kainos

Crawley

On-site

GBP 40,000 - 55,000

Full time

Today

Job summary

A leading technology services firm in Crawley is seeking a Cyber Defence Analyst to enhance its security posture. This role involves investigating security alerts, responding to incidents, and collaborating with cybersecurity teams. Candidates should have at least 1 year of experience and a strong understanding of security operations, as well as relevant educational qualifications. The position includes mandatory weekend work, with extra pay for those hours. This is an opportunity to grow in the field of cybersecurity within a dynamic team.

Benefits

Premium payment for weekend work

Qualifications

  • Minimum 1 year of experience in a security operations role.
  • Operational experience in security engineering or incident response.
  • Understanding of networking protocols like TCP/IP.

Responsibilities

  • Investigate and prioritize escalated events from MSSP.
  • Participate in incident-response activities including triage.
  • Collaborate with teams to improve security posture.

Skills

Operational knowledge in cyber security
Analytical mindset
Excellent communication skills
Collaborative skills

Education

Bachelor's degree in Information Security or related field
Industry-recognised certifications (CISSP, CEH, etc.)

Tools

SIEM solutions
Intrusion Detection/Prevention Systems
Threat management platforms
Firewalls

Job description

The in‑house Information Security team is a core part of our technology services structure with mature or evolving capability across all areas of digital security and cyber defence. This Cyber Defence Analyst will play a key role in solidifying the firm's security posture to ensure the confidentiality, integrity, and availability of the firm's systems and data. Weekend working is a requirement for this role, with exact shift patterns to be discussed at interview. All weekend hours are eligible for a premium payment, in addition to your base salary.

Responsibilities

  • Investigate and prioritise Level 2 escalated events and alerts identified by the Managed Security Service Provider (MSSP) in Level 1 monitoring.
  • Escalate events to senior colleagues and appropriate stakeholders when necessary.
  • Investigate potential cyber‑security and data‑loss incidents raised by firm employees and third parties using the defined playbooks for the Cyber Defence team.
  • Respond to inbound queries to the information security mailbox, consulting with senior colleagues for advice where required.
  • Participate in incident‑response activities, including CSIRT activities, for confirmed incidents in the local time zone:
    • Conduct initial triage and investigation.
    • Assist with containment, mitigation and remediation, ensuring forensic evidence is gathered and documented.
  • Participate in security incident‑response exercises and contribute to post‑exercise reviews.
  • Be part of the Cyber Defence on‑call rota, which may require out‑of‑hours work.
  • Pick up and hand off incident‑response activities with the rest of the Belfast Cyber Defence team and other teams in different time zones as part of a 24‑7 follow‑the‑sun global model.
  • Maintain awareness of current and emerging cyber threats, techniques and procedures (TTPs) using threat‑intelligence insights from the Threat and Vulnerability Management team.
  • Assist with implementation and enhancement of new and existing cyber‑defence tools and processes.
  • Contribute to the maintenance and improvement of playbook and process documentation for Cyber Defence.
  • Collaborate with other areas of the firm (e.g. wider information security and IT teams) to improve the firm's security posture.
  • Advise business stakeholders on Cyber Defence, translating complex technical concepts into business‑friendly language.

Qualifications

  • At least 1 year's experience in a security operations or similar technical security role.
  • Operational‑level experience in at least two of the following domains: Security engineering, alert triaging, rule writing, incident response, digital forensics and incident response (DFIR), threat intelligence and management, vulnerability management, or security control testing.
  • In‑depth understanding of networking and routing protocols (e.g. TCP/IP) and services (e.g. DNS, SMTP).
  • Experience with cyber defence technologies and tooling, including:
    • SIEM solutions
    • Intrusion Detection/Prevention Systems (ID/PS)
    • Threat and vulnerability management platforms
    • Endpoint protection
    • Firewalls
  • Highly analytical mindset with strong problem‑solving skills.
  • Ability to interpret data flows, assess security events and draw logical conclusions.
  • Excellent written and verbal communication skills.
  • Ability to collaborate effectively across technical and non‑technical teams.
  • High level of personal integrity and ethics, demonstrating appropriate judgement.
  • Genuine passion for continuous learning and development in cybersecurity.
  • Additional qualifications that would be advantageous:
    • Bachelor's degree in Information Security, Computer Science, Engineering, Technology or related field.
    • Industry‑recognised certifications such as CISSP, CEH, CISM or CompTIA Security+.
    • Practical programming or scripting experience with Python and PowerShell.

Should you require additional support at any stage of the recruitment process due to a disability or a health condition, please do not hesitate to contact a member of our recruitment team who will work with you to provide any adjustments as required.
