Naukrijobs UK

Cyber Security Incident Response Analyst CSIRT

Job Location: Warwickshire
Education: Not Mentioned
Salary: 550.00 - 600.00 per day
Industry: Not Mentioned
Functional Area: Not Mentioned
Job Type: Contract, full-time

Job Description

Cyber Security Incident Response Analyst (CSIRT)
Utilities
Hybrid: Remote / Warwick, ideally 1 day per week but not a deal-breaker
6 months+
£550 - £600 per day

Job Purpose:
The CSIRT Senior Analyst will provide technical incident response leadership to the Global Cyber Security Operations Center for security detection and mitigation activities. Primary duties will include leveraging advanced expertise with security tools to lead CSIRT Analysts in the investigation of cyber threats, effectively engaging CSIRT Analysts, Incident Managers, Forensics and other key stakeholders to efficiently mitigate cyber incidents. In this hands-on role, the post holder will provide insight to security infrastructure and technologies teams while helping to design and implement detection and/or mitigation controls for the CSIRT team. The role will also serve as a technical liaison to engineering and tooling support functions, including raising tuning requests, following up on issues identified and coordinating capability enhancements. The CSIRT Senior Analyst will also provide technical mentoring to other team members.

Key Accountabilities:
* Provide technical leadership and support to the CSIRT analysts.
* Effectively engage other response services teams and management to better mitigate cyber threats.
* Develop and leverage advanced tool skills to increase detection and response capabilities.

Knowledge & Experience Required:
* Work experience in the Cyber Security industry, specifically monitoring, detection and incident response activities.
* Experience with operating security monitoring platforms (SIEM) alongside the tuning and management of the associated rulesets.
* Demonstrated ability to coordinate and respond to security incidents using commercial and/or open source technologies.
* Experience with Incident Response methodologies.
* Experience mentoring other analysts.
* Knowledge working with the MITRE ATT&CK Framework and tactics, techniques, and procedures (TTPs).
* Solid understanding of networking protocols and infrastructure designs, including cloud infrastructures, routing, firewall functionality, host and network intrusion detection systems, encryption, load balancing, and other network devices.
* Solid hands-on experience with security technologies, including:
  * Intrusion Detection & Prevention Systems (IDS/IPS)
  * Endpoint Detection & Response tools (EDR)
  * Network Analysis tools - Wireshark, tcpdump
* Strong experience with the following SecOps processes:
  * Host Based Investigations - Manual Log File Analysis
  * Email Investigations - Including Header Analysis and Office Doc Investigations
  * Malware Analysis - Dynamic analysis
  * Analysis of Event Log sources in an enterprise environment (i.e. Web, host, network etc.)
* Understanding of Windows and Linux Operating Systems
* Understanding of TCP/IP and underlying network protocols
* Experience with scripting in a scripting language such as Python, Bash, PowerShell
* Experience of summarizing events/incidents effectively to different constituencies such as legal counsel, executive management and technical staff, both in written and verbal forms.

Qualifications Required:
Technical qualifications may include but are not limited to:
* At least a second class degree in a computer related discipline or equivalent experience
* The following certifications or equivalent experience: GIAC Certified Forensic Analyst (GCFA), GIAC Reverse Engineering Malware (GREM), GIAC Cyber Threat Intelligence (GCTI), GIAC Certified Incident Handler (GCIH), GIAC Network Forensic Analyst (GNFA), GIAC Response and Industrial Defense (GRID), GIAC Certified Intrusion Analyst (GCIA), GIAC Penetration Tester (GPEN) or equivalent.

Job Dimensions:
Technical role which provides the CSIRT with technical leadership for incident response activities and capability.
* Potential for direct reports.
* On call requirement.

Key Interfaces:
* CSIRT Analysts
* CSIRT Senior Analysts
* CSIRT Principal Analysts
* CSIRT Manager (UK & US)
* Incident Management Team (UK & US)
* Threat Analytics Team
* Penetration Testing and Vulnerability Management teams
* Platform and Product teams
* IT partners and Service providers (Service Delivery & Major Incident Management)
* CNI Health Teams

Candidates will ideally show evidence of the above in their CV in order to be considered.

Please be advised that if you haven't heard from us within 48 hours then unfortunately your application has not been successful on this occasion; we may however keep your details on file for any suitable future vacancies and contact you accordingly. Pontoon is an employment consultancy and operates as an equal opportunities employer.

Keyskills: CISSP, SIEM, Cyber Security


© 2019 Naukrijobs All Rights Reserved