Job Title: Level 3 Security Analyst, Incident Response & Vulnerability Management
Department: Service Delivery / Security
Reporting To: Security Lead / Service Delivery Manager
Operates under the direction of the Incident Manager during security incidents
Location: UK (Hybrid). Office in Cardiff 1-2 days per week, regular client site travel.
Working Pattern: Monday to Friday, with participation in the on-call Security and Major Incident rota as required
Role Purpose
The Level 3 Security Analyst is responsible for the technical investigation, containment, remediation, and resolution of IT security incidents and vulnerabilities across a complex, multi-site customer estate supported by the MSP.
The role acts as a senior technical authority for security incidents, working alongside Incident Management, Infrastructure, Network, and Application teams to ensure security issues are resolved end-to-end, correctly documented, and do not reoccur.
Key Accountabilities: Security Incident Investigation & Response
Act as the technical lead for the investigation of security incidents across supported platforms.
Investigate malware, ransomware, account compromise, unauthorised access, suspicious activity, and security misconfiguration.
Perform detailed root cause analysis across endpoint, identity, network, and application layers.
Advise the Incident Manager on incident scope, impact, containment, eradication strategy, and recovery validation.
Drive incidents through to full technical resolution, not temporary mitigation.
Key Accountabilities: Vulnerability Management
Investigate vulnerabilities identified via scanning platforms, endpoint and cloud tooling, supplier disclosures, and audit activity.
Assess risk based on exploitability, exposure, and operational impact.
Own remediation actions end-to-end, coordinating with Infrastructure, Network, and third-party suppliers.
Validate remediation and ensure appropriate evidence is captured for assurance and audit.
Platforms & Technology Scope
End-user devices including Windows, macOS, tablets, and peripherals.
Microsoft 365 including Entra ID, Exchange, SharePoint, Defender, and endpoint protection.
Identity and Access Management including privileged and service accounts.
On-premises and cloud-hosted servers.
Network infrastructure including firewalls, switches, wireless, and WAN connectivity.
Cloud-hosted and supplier-managed applications.
Documentation, Audit & Continuous Improvement
Produce clear, technically accurate documentation covering incidents, root cause analysis, and corrective actions.
Support governance, customer assurance, and audit requirements.
Contribute to post-incident reviews and lessons learned.
Identify recurring issues and recommend long-term improvements.
Ensure incidents and vulnerabilities are correctly logged and tracked within ITSM systems.
Collaboration & Escalation
Work closely with Incident Managers, Security specialists, and Level 3 Infrastructure and Network teams.
Act as a senior escalation point for Level 1 and Level 2 teams.
Engage third-party suppliers to progress investigation and remediation.
Participate in out-of-hours response as required.
Knowledge, Skills & Experience: Essential
Proven experience in a Level 3 or Senior Security Analyst or Incident Response role.
Hands-on experience investigating and resolving incidents across endpoints, identity platforms, networks, and cloud services.
Strong understanding of malware and ransomware response, identity compromise, and vulnerability remediation.
Experience working within formal Security Incident and Major Incident processes.
Strong written documentation and stakeholder communication skills.
Knowledge, Skills & Experience: Desirable
Experience supporting multi-site or operationally sensitive environments.
Familiarity with Defender, SIEM, EDR, and vulnerability management tools.
Understanding of regulated or PCI-adjacent environments.
Relevant security certifications or equivalent experience.
Behavioural Competencies
Takes ownership from detection through to resolution.
Investigates thoroughly and challenges incomplete fixes.
Calm, methodical, and decisive during live incidents.
Understands operational and business impact.
Professional and confident when engaging customers and suppliers.
Decision Making & Authority
Makes technical decisions relating to investigation, containment, and remediation of security incidents.
Escalates risk and decision points appropriately to Incident Management and Service Delivery leadership.
Key Interfaces
Incident Management
Security Operations
Infrastructure and Network Services
Third-party suppliers
Customer stakeholders via structured incident communications