Technical Operations Analyst (Cyber Security)
Preston / Remote (onsite when needed)
12 months initially
41.94 per hour, inside IR35 / Umbrella
Candidates must have valid and transferable SC security clearance or be prepared to go through the security clearance checks required for the role.
The Role
Working as part of a team safeguarding against cyber threats by developing and enhancing the Technical Operations capability across People, Process, and Technology, ensuring an efficient approach to all Cyber Operations.
Proactively protecting the client through continual automation and testing of security controls.
Continuously working toward organisational, departmental, and individual objectives and upholding security standards and principles.
Providing assurance to the Head of Cyber Operations and Technical Operations Manager that the SOC is operating efficiently through the use of orchestration and automation.
Core Duties
Typical duties include (but are not limited to):
Identification of processes that can be automated to make the SOC more effective.
Responsible for the overall delivery of the Technical Operations function by providing support to other members of the team to protect the client’s systems against cyber threats.
Lead in the identification and the creation, maintenance and troubleshooting of SOAR playbooks, automations and enrichments.
Apply critical thinking to solve unique problems in the information security space.
Enhancing the processes around interacting with large datasets to construct actionable information to enhance the detection of suspicious activity within the business.
Onboarding new data sources to increase the visibility of security event information across multiple technologies.
Creating security use cases to enable the wider SOC to respond to a broader array of threats.
Identify where automation can assist the Incident Response team when investigating suspicious activity.
Creation of analytic content to enable quantifiable metrics on SOC performance.
Additional Accountabilities
Able to lead a small Data project or support a larger project
Work as a fully contributory member of the Cyber Security Team with the ability to deliver with limited guidance from the Line Manager. Expected to provide technical support to team members and provide support to individuals within specialist areas. Guides others in the application of IM&T and Cyber processes.
Manage own development, including participating in on-the-job training and attending training programmes as appropriate. Provide support to others' development, including the development of people within specialist areas. Responsible for training members of the team, monitoring their quality of work and contributing to pay decisions.
Knowledge, Skills and Qualifications
A strong technical background with a detailed knowledge of cyber security, computer networks and operating systems.
Broad and detailed experience of technologies including but not limited to firewalls, IDS/IPS, Active Directory, endpoint protection, Windows Server, Linux, TCP/IP, Networks, Cloud, CDNs and Vulnerability Management.
Analytical background, comfortable analysing and interpreting large and complex data sets and articulating the story behind any observations along with providing conclusions and recommendations.
Detailed knowledge of the current threat landscape, the TTPs frequently employed in those attacks and how we can investigate and mitigate these.
Knowledge and demonstrable experience of the MITRE ATT&CK framework.
Good knowledge of enterprise computing technologies.
Skills
Understanding of enterprise networking and computing
Knowledge of Python 3 programming language
Demonstrable experience in using SOAR tooling and its application
Application of data science against large datasets involving unstructured data and designing data models
Knowledge of using SIEM platforms to identify suspected security events and creating content to enhance the platform
Knowledge of custom APIs to leverage the SOAR's functionality
Ability to communicate to other stakeholders across the business
Technical documentation creation
Mentoring junior members of the team
The ability to obtain UK Government security clearance to SC
Relevant industry and vendor qualifications such as CISSP, CISM, CompTIA Security+
Cyber security framework knowledge such as MITRE ATT&CK