Incident (Security) Analyst

Home-based

Job Number

40842

Posted

24th May 2021 : 1:46 pm

Job Status

Live

Job Type

Full time

Duration

3 Months

Pay Type

PAYE

Pay Rate

To be confirmed on enquiry

Payment Method

Daily

Contact

Surita Dadral

Contact details

0203 356 4949, admin@121.uk.com

Job Description

The public sector client is looking to recruit an Incident Analyst (Security) to work on a short test contract that is due to complete at the end of August 2021. The successful candidate will be able to start the assignment almost immediately. The successful analyst will have a valid SC clearance. Please Note: This assignment sits inside IR35.

This role supports the TTCE Protective Monitoring Service (TTCE PM). The service provides a Security Operations Centre (SOC) capability for the client's programme. This is a business-crucial capability to ensure that the client's organisation and wider system are protected from cyber threats.

Essential Skills & Experience

Essential:
• Experience working in a technical cyber security role within a SOC or Incident Response team
• Experience in security content generation for common security tooling
• Ability to investigate, troubleshoot, resolve and prevent the recurrence of incidents that interfere with the normal delivery of IT services
• Analytical approach and strong problem-solving ability
• Basic knowledge of ITIL concepts and incident management
• Good written and verbal communication skills – able to present technical information to different types of stakeholders.

Desirable:
• Cloud technology experience (AWS and Azure – Security focus especially)
• Splunk Enterprise Security experience and associated certifications
• Familiarity with common cyber security frameworks (MITRE ATT&CK, Cyber Kill Chain)
• Experience of incident response engagements, whether on-prem or in cloud environments.
• Familiarity with the Atlassian productivity suite (Jira, Confluence)

Key Tasks & Deliverables

Your tasks will include:

• Protective Monitoring – working with the SOC’s toolset to provide triage and analysis of notable cyber security events which are generated from customer environments, gathering technical information and helping to give context to alerts as they occur. Documenting findings and escalating to the Incident process where required.
• Incident Handling – Carrying out the creation and handling of incidents for customers according to established service agreements. Ensuring incidents are prioritised according to agreed frameworks, escalating where appropriate and managing these through to a satisfactory resolution.
• Major Incident Management – Participating in major incidents, either as lead or an involved party to ensure efficient resolution of major incidents and delivering appropriate communications and ticket management as per major incident processes. Participating in any resulting incident review or lessons learned sessions.
• Threat Hunting – Using available tools, logs, direct system access, etc., to carry out proactive work for the SOC’s customers to find cyber security issues based on an initial hypothesis, helping to identify security problems and improve the security posture of TTCE PM’s customers.
• Contributing to Knowledge Base – Actively contribute to the ongoing development of the shared TTCE PM knowledge base, documenting and improving SOC processes.
• Content Development – playing an active role in the SOC’s Use Case Factory process, using a threat-led approach to improve and develop the content which drives the team’s Protective Monitoring function. This could be through identifying and designing new content, conversion of threat hunts, tuning existing content or other improvements.

Qualifications, Training & Certificates

Essential:

• Extensive knowledge of common security tools and their usage (particularly SIEM)
• Strong knowledge of Information Security & Cyber Security (Security+, CPIA/CPSA, SSCP/CISSP, GCIH)

Clearance

SC - Security Clearance

Apply for the job

Thank you for expressing an interest and applying for this job. When applying for our job/s, please do not send or add any financial details on your CV.
