Cyber Incident Threat Analyst INHOUSE flex work
£70k + Private Healthcare & Excellent Benefits
I'm a security specialist recruiter hoping to make contact with a Cyber Incident Threat Analyst, with some experience close to the technical coal-face, in real life security incidents, perhaps from a SOC or technical background, and you're sick of shifts, late nights, early mornings? Perhaps you'll have experience in preparing incident response plans, conducting tabletop exercises, prevention and management of Cyber Attacks, and even staff awareness and training The ideal candidate for this role will understand the steps of a cyber-attack from a technical perspective, and is able to communicate those concepts and ideas to management and users. This role is in-house, has no shifts, is a brand-new role and can be offered on a hybrid-basis.
About the role:
- Brand new, with the opportunity to grow and own a whole function
- No shift-pattern, standard office hours only
- No difficult clients or midnight runs across the country to respond to an incident
- Would really suit somebody who has previously worked in a SOC and has the technical knowledge to train other technical and non-technical members of staff
- Would also suit somebody who is currently consulting and ready to regain some work-life balance whilst also taking ownership of their own function
The role I have is a very interesting one that would suit a security or IR consultant wanting to work in-house on a permanent basis. You might currently be working in a SOC and have a lot of experience dealing with Incident Response / Readiness. You will be familiar with networking protocols and will have worked with tools at packet / pcap level, SIEM, IDS, and other common security toolsets.
Some of the responsibilities of the role include;
- Advising staff on how to be ready for attacks, using scenario-based exercises and being involved in creating policy and processes to protect critical assets of a large business
- Understanding and demonstrating some of the techniques used by attackers in malicious attacks
- Being able to use common toolsets (SIEM, PCAP tools, IDS, IPS etc.) to understand the level to which a system is compromised
- In the event of an attack, establishing what may have been lost / stolen and determining the root cause and nature of the attack (with an external SOC for backup)
- Reporting and presenting findings and recommendations to senior stakeholders, and identifying weakness and suggesting improvements.
- Training both technical and office users on incident prevention, online conduct and how to identify and respond in the event of an attack
Some things we'd LOVE to see on a profile…
- Previously technically hands-on with SIEM technology (Graylog, LogRhythm, Splunk, ArcSight, Qradar etc.)
- An understanding of Cyber Kill-Chain
- Experience performing root-cause analysis following MITRE Att&ck Framework
- Experience dealing with live attacks with the ability to establish the nature of the attack
- Previously performed tabletop / playbook exercises and worked with none technical businesses to help protect them.
- Any of the following Encase FTk, Powershell, VB, Bash, scripting, and Linux familiarity,
Click 'Apply' or send your CV directly to me at dana [dot] panahi [at] circlerecruitment [dot] com (even if its not up to date!)
I'm also on LinkedIn to connect with UK eligible job seekers!
Incident Response, Incident Readiness, Breach Response, Blue Team, Incident Preparedness, SIEM, Wireshark, TCP Dump, Snort, Programming, Cyber Kill Chain, IDS, IPS, Networking, Encase, FTK, FTK Image, Volatility, IOC, Loki, FastIR, MITRE Att&ck Framework, Ransomware, Information Security, IR
Circle Recruitment is acting as an Employment Agency in relation to this vacancy. Earn yourself a referral bonus if you refer somebody else who fills the role! We also offer an iPad if you refer a new client to us and we recruit for them. Follow us on Facebook - Circle Recruitment , Twitter - @Circle_Rec and LinkedIn - Circle Recruitment.