Senior Cyber Analyst (CSOC)Our client are experts in defence, aerospace, security and related markets. They draw on extensive technical knowledge and intellectual property to provide the know-how and support to solve some of the world's most challenging problems. The organisation makes the critical difference to customers by providing unique approaches to problem solving. Why don't you join some of the world's finest scientific and technical minds and help make tomorrow work today?Working at this organisation is more than just a job - as an innovative science and technology company, they solve global customers most challenging problems. Everything is focused on defending sovereign capability, protecting lives and securing the vital interests of customers. The formula for success is the appetite for innovation, courage to take on a wide variety of complex challenges and motivated people who work to deliver the best possible solutions.The RoleYou will work as a senior member of the security operations centre team to provide defence against cyber-attacks, through the proactive monitoring, analysis and management of security events/incidents emanating from customer networks and systems. As a Senior Analyst, the role will involve providing a technical point of escalation for cyber security related incidents and the configuration, development and tuning of the security technology tools. This role is based in Malvern and is not a shift, or night working role.Key AccountabilitiesWork independently, applying in-depth knowledge and experience to deliver time critical, customer focused security monitoring services; advising and recommending on defensive strategies.Provide effective leadership to SOC team members; directing and guiding work and providing mentorship of junior members of staff, acting as a local Subject Matter Expert in the Cyber Security domain.Perform in-depth and advanced analysis (e.g. forensic analysis and malware reverse engineering) of complex and non-routine escalated security-related events; drawing on the expertise of other Analysts and external resources as required.Manage escalated security-related events, making rapid evidence-based decisions on how to respond based on the extent and severity of the intrusion; drawing on knowledge of threat actors, including their motivation, infrastructure and capabilities.Applying threat intelligence to build an awareness picture of emerging issues across monitored customers within the SOC.Proactively contribute to SOC strategy by refining processes and procedures; ensuring they align with customer and wider organisational requirementsKey CapabilitiesActively maintains awareness of developments in the intrusion analysis, incident response and information security fields.Working understanding of common Intrusion Analysis models (e.g. Cyber Kill Chain®) and can apply them to enhance analysis and reporting.Understanding of TCP, UDP, IP, ICMP, IPv4, IPv6, HTTP, HTTP(S), SMTP, POP3, and DNS. Demonstrates fundamental knowledge of IRC, DHCP, FTP, SMB, SNMP, TLS.Strong knowledge of security technologies such as SIEM, NIDS/NIPS, HIDS/HIPS and Endpoint protection suites Advanced knowledge of current threat landscape and a good understanding of malware operations, indicators, and known examples of APTs.Ability to interpret system data such as security event logs, system logs, and application logs using graphical and command-line toolsGood working understanding of common Intrusion Analysis models, and can readily apply them.Ability to gather threat and vulnerability data from threat advisories and open source information, using advanced search engine queries, domain registration records, DNS queries and extraction of Metadata.Experience & QualificationsA Bachelor's Degree in Computer Science, Computer Networks, Information Security or other related technical discipline or equivalent experience.Extensive experience of working within an information security discipline.Experience working with SIEM tools and related security monitoring toolsets. (preferably LogRhythm SIEM)Advanced experience of computer operating systems, such as Linux and Windows.Effectively interpret data from toolsets into customer focussed intelligence.An IT Security qualification such as CREST Practitioner Intrusion Analyst (CPIA), SANS Certified Intrusion Analyst (GCIA), Certified Incident Handler (GCIH), Cisco Certified Network Professional Security (CCNP Security).Company Benefits25 days starting annual leave Pension - 1.5 times employer contribution (your personal contribution up to a maximum of 7%).Share Incentive Plan - Pay £10 - £150 per month into the plan and you'll receive one free share for every 3 shares purchased. Plus, you receive full tax & NI relief on this moneyHealth Cash Plan - go private with your healthcare and get cash back for it. The cover is far reaching, including dental, optical or even acupuncture costs.Private Medical Insurance - Employees can insure themselves and their family at discount rates for PMI.Target Based bonus - it is dependent on how the company performs as a whole and also how your department performs.