Cybersecurity Analyst: Detection and Response (12-Month Contract) - Datafin IT Recruitment


Cybersecurity Analyst: Detection and Response (12-Month Contract)

Datafin IT Recruitment
Cape Town – Western Cape
Date Created: 16 days ago
Job Type: Full-Time
Salary: Market Related

DUTIES:

MDR Alert Escalation and Advanced Threat Investigation -

  • Act as the escalation point for critical MDR alerts and incidents that require in-depth analysis beyond the scope of First Responders.
  • Conduct thorough investigations of escalated security incidents, including reviewing logs, analysing network traffic, and correlating data from various security tools (e.g., SIEM, EDR, firewalls).
  • Lead threat hunting activities to identify potential indicators of compromise (IOCs) or undetected threats within the environment.
  • Develop detailed reports on incidents, including root cause analysis, incident impact, and remediation recommendations.

Incident Response Leadership -

  • Lead incident response efforts for high-severity incidents, coordinating containment, eradication, and recovery activities.
  • Collaborate with IT, Network, and Application teams to ensure timely and effective remediation of incidents.
  • Ensure proper documentation of incidents and lessons learned for continuous improvement of response processes.
  • Provide guidance and mentorship to First Responders and Junior Analysts during incident escalations.

Enhancing Detection Capabilities -

  • Review and assess current detection rules, alerts, and configurations within security tools (e.g., SIEM, MDR platforms) to improve their accuracy and effectiveness.
  • Identify gaps in detection coverage and implement new rules, use cases, or monitoring strategies to improve visibility across the organization’s environment.
  • Collaborate with the Threat Intelligence team to integrate emerging threat information into detection capabilities.
  • Conduct regular assessments of security tools to ensure they are properly tuned for accurate threat detection with minimal false positives.

Continuous Improvement of Incident Response Processes -

  • Lead efforts to mature and enhance the organization’s incident response procedures, ensuring they align with industry best practices and evolving threat landscapes.
  • Regularly review and update incident response playbooks to ensure they are comprehensive and actionable for different types of security incidents.
  • Automate repetitive tasks in the incident response process to improve efficiency and reduce response times.
  • Provide input on new technologies, processes, or tools that can further streamline and enhance the incident response lifecycle.

Collaboration with Security and IT Teams –

  • Collaborate with IT, network, and infrastructure teams to implement technical controls and improvements based on findings from security incidents and investigations.
  • Serve as a liaison between the security operations team and senior management during significant security incidents, ensuring clear communication and coordination.
  • Work closely with other security functions, such as vulnerability management and compliance, to ensure a holistic approach to improving security.

Post-Incident Analysis and Reporting –

  • Perform post-incident reviews (post-mortems) to identify root causes, contributing factors, and potential improvements to the organization’s detection and response capabilities.
  • Provide detailed incident reports and metrics to senior management, highlighting trends, gaps, and areas for improvement.
  • Ensure that corrective actions from incidents are tracked and implemented to prevent recurrence of similar events.

Training and Mentorship –

  • Mentor Junior Analysts and First Responders in improving their investigative skills, detection capabilities, and response processes.
  • Lead training sessions and tabletop exercises to enhance the team’s preparedness for handling different types of security incidents.
  • Provide ongoing feedback to the team on their incident handling performance, helping to build a more resilient and capable response team.

Threat Intelligence and Awareness –

  • Stay up to date on the latest threat intelligence, attack trends, and cybersecurity research to improve the organization’s detection and response posture.
  • Incorporate intelligence on new threat actors, TTPs (Tactics, Techniques, and Procedures), and vulnerabilities into detection tools and response strategies.
  • Collaborate with external threat intelligence sources and vendors to ensure the organization is proactively mitigating emerging threats.

REQUIREMENTS:

Qualifications –

  • Relevant Certifications such as GCIA and CEH are preferred.

Experience/Skills –

  • 7+ Years of experience in a software and IT role.
  • Strong experience with security monitoring tools (EDR and MDR) and advanced knowledge of security incident response procedures.
  • In-depth understanding of common attack vectors, malware, network security, and threat detection techniques.
  • Ability to lead complex investigations and provide detailed analysis and reporting on security incidents.
  • Strong troubleshooting, root cause analysis, and problem-solving skills.

While we would really like to respond to every application, should you not be contacted for this position within 10 working days please consider your application unsuccessful.

By applying to a job using RecruitmentPartner, you are agreeing to comply with and be subject to RecruitmentPartner Terms for use of our website.