We are looking for a Cyber Security Analyst to work out of Erskine.
The Tier 2 Cyber Security Analyst is a mid-tier position within the Cyber Threat Analysis Centre (CTAC), responsible for advancing initial work conducted by Tier 1 Analysts and providing in-depth analysis of potential threats. This role plays a crucial part in escalated investigations, triage, and response to cyber incidents, while also supporting the development and training of Tier 1 Analysts.
The Tier 2 Analyst collaborates closely with senior and junior analysts to ensure seamless SOC operations and acts as a bridge between foundational and advanced threat detection and response functions.
Responsibilities include:
- Conduct escalated triage and analysis on security events identified by Tier 1 Analysts, assessing threat severity and advising on initial response actions.
- Utilize SIEM solutions with Kusto Query Language (KQL) for log analysis, event correlation, and documentation of security incidents.
- Identify and escalate critical threats to Tier 3 Analysts with detailed analysis for further action, ensuring rapid response and adherence to service level objectives (SLOs).
- Investigate potential security incidents by conducting deeper analysis on correlated events and identifying suspicious patterns or anomalies.
- Use OSINT techniques to enrich contextual data and enhance detection capabilities, contributing to proactive threat management.
- Monitor the threat landscape, document findings on evolving threat vectors, and share insights with CTAC teams to improve situational awareness.
- Follow established incident response playbooks, provide feedback for improvements, and suggest updates to streamline processes and enhance threat response times.
- Coordinate with Tier 3 Analysts and management to refine detection and response workflows, contributing to SOC maturity.
- Collaborate on tuning SIEM and detection tools to reduce false positives, submitting tuning requests and testing configurations as needed.
- Identify gaps in detection content and work with Senior Analysts to develop and validate new detection rules and use cases tailored to organizational threats.
- Mentor Tier 1 Analysts, offering guidance on triage and analysis techniques, and facilitate on-the-job training to elevate their skills.
- Assist in training sessions and knowledge-sharing activities, providing feedback on areas for growth and fostering a supportive learning environment within the SOC.
Experience required:
- Understanding of advanced networking concepts, including IP addressing, network protocols, and traffic flow within networks.
- Proficiency in Windows and Linux operating environments, including commands, file systems, and authentication mechanisms.
- Experience with SIEM solutions (e.g., ArcSight, Azure Sentinel) and analysis tools such as XDR platforms.
- Proficient in Kusto Query Language (KQL) for log searching and filtering.
- Knowledge of OSINT techniques for threat identification and information gathering.
- Effective communication skills for internal and external stakeholders, with the ability to explain technical issues clearly.
- Ability to produce concise, structured reports on investigations and monitoring activities.
- Strong workload management skills to ensure timely task completion.
- Willingness to collaborate, accept guidance, and learn from more experienced analysts.
- Initiative in learning new technologies and techniques, leveraging training resources.
- Ability to perform efficiently in high-pressure situations, following established procedures to ensure consistent incident management.
Education and Professional Experience:
- University Degree/Diploma in Cyber Security or equivalent experience.
- Additional IT certifications such as CISSP, CompTIA CySA+, GCIA, GCIH are desirable.
- Certifications like CASP or ITIL are advantageous.
- Experience in a SOC or equivalent environment.
- SC/DV clearance or willingness to undertake clearance, with the requirement that candidates are British-born holding a sole British passport.
- Full Driving Licence.
- Fluent in written and spoken English.
Position is onsite at Erskine, with a 6-month contract offering circa £500/day inside IR35.