Senior Cyber Analyst

Location:
Great Malvern
Job Type:
Contract
Industry:
Cyber Security
Job reference:
BBBH157287_1656082305
Posted:
almost 2 years ago

Provide technical leadership across the multiple cyber defence component capabilities delivered to QinetiQ customers, and across security initiatives and projects, including implementing and evolving the cyber defence strategy and roadmap.

  1. Technical leadership of CSOC operations to deliver cyber defence services to clients.
  2. Liaise with clients and key stakeholders to establish key security requirements, with proposed solutions in scope, to provide an efficient and effective detection and response capability.
  3. Lead the technical response to the discovery of all high/critical vulnerabilities, with accurate assessment of the attack surface introduced and orchestration of an effective response across multiple teams and departments.
  4. Develop and maintain detection content in line with evolving threats and industry-standard frameworks across multiple tools (EDR, SIEM, machine learning).
  5. Take the lead on major incidents, providing clear direction to the wider teams.
  6. Act as a coach and mentor to SOC analysts to upskill the wider capability.
  7. Lead SOC engagements with key customers and with varying technical and non-technical stakeholders.
  8. Provide technical guidance for the successful implementation of security monitoring, based on SIEM and EDR technologies, for the monitoring of third-party clients.
  9. Contribute to the design and development of 'detect and respond' strategies, tradecraft and playbooks.

Key Capabilities/Knowledge

  • Good understanding of fundamental enterprise-level cyber security tools, including Security Information and Event Management (SIEM), big data platforms, Endpoint Detection & Response (EDR) and intrusion detection system technologies.
  • Fundamental knowledge across multiple cyber subjects and areas of expertise, including but not limited to: digital forensics, network analysis, host intrusion analysis, malware diagnosis, incident response and threat intelligence gathering.
  • Good understanding of the MITRE ATT&CK framework, with the ability to recognise live technique exploitation and to develop novel detection methods mapped to it.
  • Good ability to critically diagnose and interpret a vast range of security-focused log sources (Windows, Linux, firewalls, IDS, AV, EDR).
  • Able to identify the log sources required for effective content development and threat hunting. Able to create detection content across a wide range of tooling that follows industry best practice.
  • Able to identify suspicious and malicious events by manually reviewing logs, leveraging threat intelligence and drilling down into further detail. Able to deal with ambiguous log events.
  • Able to explain, with justification, to stakeholders the limitations in cyber security monitoring and/or threat hunting arising from inadequate log sources.
  • Able to work independently, with guidance in complex situations.
  • Excellent IT skills, including knowledge of computer networks, operating systems, software, hardware and security.
  • Outcome-focused stakeholder engagement, influence and persuasion skills.
  • Collaborate effectively across the organisation and externally to achieve required outcomes.

Experience & Qualifications

Essential

  • STEM degree or equivalent.
  • Minimum of 3 years' relevant experience in an operational cyber security defensive monitoring environment.
  • Experience of computer operating systems such as Linux and Windows (e.g. security fundamentals, patch management, file sharing).
  • Experience working with SIEM, IDS, EDR and related security monitoring tools.

Desirable

  • Experience of applications based on an ELK / Elastic Stack architecture (Elasticsearch, Logstash and Kibana).
  • Experience with the configuration and maintenance of tools including: LogRhythm, Carbon Black, ELK.
  • Qualifications such as Cisco Certified Network Professional Security (CCNP Security), CREST Practitioner Intrusion Analyst, ITIL Foundation, CompTIA Network+ or similar, SANS GIAC or similar may be beneficial.
  • Member of CIISec or equivalent.