Cyber Security Analyst

Posted 1 week ago by CBS Butler on JobServe

£550 Per day
Inside
Onsite
Erskine, UK

Summary: The Cyber Security Analyst role involves conducting advanced triage and analysis of security events, utilizing expertise in SIEM solutions and Kusto Query Language (KQL). The position requires collaboration with Tier 3 Analysts to enhance detection capabilities and improve incident response workflows. Candidates must be eligible for DV clearance and possess strong knowledge in networking, operating systems, and OSINT techniques. This is a full-time, on-site position based in Erskine, Scotland.

Key Responsibilities:

  • Conduct escalated triage and analysis on security events identified by Tier 1 Analysts, determining threat severity and advising on initial response actions.
  • Apply expertise in SIEM solutions utilizing Kusto Query Language (KQL) to perform log analysis, event correlation, and thorough documentation of security incidents.
  • Identify and escalate critical threats to Tier 3 Analysts with detailed analysis for further action, ensuring rapid response and adherence to service level objectives (SLOs).
  • Investigate potential security incidents by conducting deeper analysis on correlated events and identifying patterns or anomalies that may indicate suspicious or malicious activity.
  • Use OSINT (Open-Source Intelligence) to enrich contextual data and enhance detection capabilities, contributing to a proactive stance on emerging threats.
  • Monitor the threat landscape and document findings on evolving threat vectors, sharing relevant insights with CTAC teams to enhance overall situational awareness.
  • Follow established incident response playbooks, providing feedback for enhancements and suggesting updates to streamline CTAC processes and improve threat response times.
  • Coordinate with Tier 3 Analysts and management to refine detection and response workflows, contributing to continuous SOC maturity.
  • Collaborate with Tier 3 Analysts on tuning SIEM and detection tools to reduce false positives and improve alert fidelity, submitting tuning requests and testing configurations when necessary.
  • Identify gaps in current detection content and work with Senior Analysts to develop and validate new detection rules and use cases tailored to the organization's threat profile.

Key Skills:

  • Advanced networking concepts, including IP addressing, basic network protocols, and traffic flow within a network.
  • Advanced knowledge of Windows and Linux operating environments, including standard commands, file systems, and user authentication mechanisms.
  • Competence in using SIEM solutions (e.g., ArcSight, Azure Sentinel) for monitoring and log analysis; exposure to additional analysis tools such as basic XDR platforms.
  • Proficient in using Kusto Query Language (KQL) to search and filter logs effectively.
  • Familiarity with open-source intelligence (OSINT) techniques to aid in identifying potential threats and gathering information.

Salary (Rate): £550

City: Erskine

Country: UK

Working Arrangements: on-site

IR35 Status: inside IR35

Seniority Level: Mid-Level

Industry: IT