We are currently recruiting for Senior Cyber Security Analysts and Associate Security Analysts - both working a 3-month contract for our client 3 days per week on-site in London.
As a senior security analyst with responsibility for incident response, you will:
- lead the investigation of security alerts to understand the nature and extent of possible cyber incidents
- lead the forensic analysis of systems, files, network traffic and cloud environments
- lead the technical response to cyber incidents by identifying and implementing (or coordinating the implementation of) containment, eradication and recovery actions
- support the wider coordination of cyber incidents
- review previous incidents to identify lessons and actions
- identify and deliver opportunities for continual improvement of the incident response capability
- work closely alongside other Cyber Defence functions, supporting the continual improvement of wider capabilities
- develop and update internal plans, playbooks and knowledge base articles
- act as an escalation point for, and provide coaching and mentoring to, security analysts
- be responsible for leadership and line management of security analysts
Cyber incidents can and do arise on a 24/7 basis. The team operates an out-of-hours on-call rota, which you will be expected to join.
We're interested in people who have:
- significant experience investigating and responding to cyber incidents
- significant experience using security tools (e.g. EDR, SIEM) to support the investigation of and response to cyber incidents
- experience managing and coordinating the response to cyber incidents
- experience coaching and mentoring junior staff
- an in-depth understanding of the tools, techniques and procedures used by threat actors
- excellent analytical and problem-solving skills
- excellent verbal and written communication skills
It's desirable, but not essential, that you have:
- experience with Splunk
- experience working in an Agile environment
- experience with cloud environments such as AWS
As an associate security analyst you will:
- triage and investigate cyber security alerts and reports from users
- use a variety of techniques to analyse systems, files, network traffic and cloud environments and understand the nature and extent of possible cyber incidents
- support the technical response to cyber incidents by identifying and implementing (or supporting the implementation of) containment, eradication and recovery actions
- support the coordination of cyber incidents
- contribute to post-incident reviews to identify lessons and actions
- identify opportunities for, and support the delivery of, continual improvements to the incident investigation and response capability
- work closely alongside other Cyber Defence functions, supporting the continual improvement of wider capabilities
- contribute to internal plans, playbooks and knowledge base articles
- act as an escalation point for, and provide coaching and mentoring to, apprentice security analysts
- be responsible for line management of apprentice security analysts
Cyber incidents can and do arise on a 24/7 basis. The team operates an out-of-hours on-call rota, which you will be expected to join.
We're interested in people who have:
- experience investigating and responding to cyber incidents
- experience using security tools (e.g. EDR, SIEM) to support the investigation of and response to cyber incidents
- experience with SIEM tools (experience of Splunk preferred, but experience of Microsoft Sentinel or an equivalent SIEM tool is acceptable)
- an understanding of the tools, techniques and procedures commonly used by threat actors
- good analytical and problem-solving skills
- good verbal and written communication skills
It's desirable, but not essential, that you have:
- experience with Splunk
- experience working in an Agile environment
- experience with cloud environments such as AWS
If you feel you have the skills and experience needed for either of these roles, please apply now.