Working Arrangements:
Monday to Friday 9.30am-5.30pm Hybrid work pattern
Overall Objective of Role:
The Cyber Security Operations Team is a critical component of the Thomas Miller security infrastructure, responsible for monitoring, detecting, and responding to security threats in real time. The team partners with a third party to ensure constant vigilance over the security landscape. The Cyber Security Analyst detects, analyses, investigates and responds to alerts and threats within the environment.
Specific Responsibilities:
* Monitor security alerts, events, and potential threats using SOC tools.
* Respond to and investigate cyber security incidents, including malware outbreaks, phishing attempts and data breaches.
* Perform incident response, including triaging, investigation, and resolution of security incidents.
* Analyse network traffic, logs, and alerts to detect malicious activity.
* Conduct root-cause analysis on security breaches and vulnerabilities.
* Prepare and maintain detailed incident reports and post-incident documentation.
* Collaborate with other teams to improve overall security posture.
* Implement and follow standard operating procedures (SOPs) for threat management and incident response.
* Perform regular vulnerability assessments and recommend remediation.
* Stay updated with emerging security trends, vulnerabilities, and exploits.
* Participate in red and blue team exercises to simulate attack and defence scenarios.
* Collate and distribute monthly Threat Vulnerability Management (TVM) reports to senior stakeholders.
Person Specification:
* 1-3 years of experience working in a SOC or similar role.
* Experience with SIEM tools and performing security investigations.
* Strong understanding of networking concepts, protocols, and security principles.
* Knowledge of security incident handling, malware analysis, and threat intelligence.
* Excellent problem-solving skills and attention to detail.
* Experience with advanced threat detection techniques and tools.
* Hands‑on experience with forensic analysis, malware reverse engineering, or penetration testing.
* Familiarity with regulatory frameworks (e.g., GDPR, FCA, PCI) and compliance requirements.
* Strong communication skills with the ability to translate technical details to non-technical stakeholders.
Technical Skills:
* Experience with SOC tools such as:
  * SIEM (e.g., Splunk, IBM QRadar, ArcSight, Rapid7)
  * Endpoint Detection and Response (EDR) (e.g., CrowdStrike, Carbon Black, SentinelOne, Rapid7)
  * Vulnerability Management tools (e.g., Nessus, Qualys, Rapid7)
  * Threat Intelligence Platforms (e.g., Recorded Future, ThreatConnect)
  * Firewalls and Network Monitoring tools (e.g., Palo Alto, Cisco ASA, Checkpoint)
  * Security Orchestration, Automation and Response (SOAR) platforms (e.g., Demisto, Phantom)
* Experience with Web Gateway and Web Proxy tools (e.g., Netskope, Blue Coat, Zscaler, Forcepoint, Palo Alto)
* Strong knowledge of operating systems (Windows, Linux) and network protocols.
* Proficiency in analysing packet captures (Wireshark, TCPDump).
* Familiarity with scripting languages such as Python, Bash, or PowerShell.
* Experience with cloud security monitoring (AWS, Azure, GCP).
* Knowledge of incident management frameworks like NIST, MITRE ATT&CK.
Preferred Qualifications:
* Certification such as CompTIA Security+
* Bachelor's degree in Computer Science, Information Security, or a related field