JobTitle Level3SecurityAnalystIncidentResponse&VulnerabilityManagement Department ServiceDelivery/Security ReportingTo SecurityLead/ServiceDeliveryManager OperatesunderthedirectionoftheIncidentManagerduringsecurityincidents Location UK(Hybrid)OfficeinCardiff1-2daysperweek,regularclientsitetravel. WorkingPattern MondaytoFridaywithparticipationintheon-callSecurityandMajorIncidentrotaasrequired RolePurpose TheLevel3SecurityAnalystisresponsibleforthetechnicalinvestigation,containment,remediation,andresolutionofITsecurityincidentsandvulnerabilitiesacrossacomplex,multi-sitecustomerestatesupportedbytheMSP. Theroleactsasaseniortechnicalauthorityforsecurityincidents,workingalongsideIncidentManagement,Infrastructure,Network,andApplicationteamstoensuresecurityissuesareresolvedend-to-end,correctlydocumented,anddonotreoccur. KeyAccountabilitiesSecurityIncidentInvestigation&Response Actasthetechnicalleadfortheinvestigationofsecurityincidentsacrosssupportedplatforms. Investigatemalware,ransomware,accountcompromise,unauthorisedaccess,suspiciousactivity,andsecuritymisconfiguration. Performdetailedrootcauseanalysisacrossendpoint,identity,network,andapplicationlayers. AdvisetheIncidentManageronincidentscope,impact,containment,eradicationstrategy,andrecoveryvalidation. Driveincidentsthroughtofulltechnicalresolution,nottemporarymitigation. KeyAccountabilitiesVulnerabilityManagement Investigatevulnerabilitiesidentifiedviascanningplatforms,endpointandcloudtooling,supplierdisclosures,andauditactivity. Assessriskbasedonexploitability,exposure,andoperationalimpact. Ownremediationactionsend-to-end,coordinatingwithInfrastructure,Network,andthird-partysuppliers. Validateremediationandensureappropriateevidenceiscapturedforassuranceandaudit. Platforms&TechnologyScope End-userdevicesincludingWindows,macOS,tablets,andperipherals. Microsoft365includingEntraID,Exchange,SharePoint,Defender,andendpointprotection. IdentityandAccessManagementincludingprivilegedandserviceaccounts. On-premisesandcloud-hostedservers. Networkinfrastructureincludingfirewalls,switches,wireless,andWANconnectivity. Cloud-hostedandsupplier-managedapplications. Documentation,Audit&ContinuousImprovement Produceclear,technicallyaccuratedocumentationcoveringincidents,rootcauseanalysis,andcorrectiveactions. Supportgovernance,customerassurance,andauditrequirements. Contributetopost-incidentreviewsandlessonslearned. Identifyrecurringissuesandrecommendlong-termimprovements. EnsureincidentsandvulnerabilitiesarecorrectlyloggedandtrackedwithinITSMsystems. Collaboration&Escalation WorkcloselywithIncidentManagers,Securityspecialists,andLevel3InfrastructureandNetworkteams. ActasaseniorescalationpointforLevel1andLevel2teams. Engagethird-partysupplierstoprogressinvestigationandremediation. Participateinout-of-hoursresponseasrequired. Knowledge,Skills&ExperienceEssential ProvenexperienceinaLevel3orSeniorSecurityAnalystorIncidentResponserole. Hands-onexperienceinvestigatingandresolvingincidentsacrossendpoints,identityplatforms,networks,andcloudservices. Strongunderstandingofmalwareandransomwareresponse,identitycompromise,andvulnerabilityremediation. ExperienceworkingwithinformalSecurityIncidentandMajorIncidentprocesses. Strongwrittendocumentationandstakeholdercommunicationskills. Knowledge,Skills&ExperienceDesirable Experiencesupportingmulti-siteoroperationallysensitiveenvironments. FamiliaritywithDefender,SIEM,EDR,andvulnerabilitymanagementtools. UnderstandingofregulatedorPCI-adjacentenvironments. Relevantsecuritycertificationsorequivalentexperience. BehaviouralCompetencies Takesownershipfromdetectionthroughtoresolution. Investigatesthoroughlyandchallengesincompletefixes. Calm,methodical,anddecisiveduringliveincidents. Understandsoperationalandbusinessimpact. Professionalandconfidentwhenengagingcustomersandsuppliers. DecisionMaking&Authority Makestechnicaldecisionsrelatingtoinvestigation,containment,andremediationofsecurityincidents. EscalatesriskanddecisionpointsappropriatelytoIncidentManagementandServiceDeliveryleadership. KeyInterfaces IncidentManagement SecurityOperations InfrastructureandNetworkServices Third-partysuppliers Customerstakeholdersviastructuredincidentcommunications