Job Purpose
The CSIRT Principal Analyst will provide deep technical expertise which will provide the CSIRT with thought leadership on the implementation of innovative technical solutions. Alongside providing leadership on complex incident response activities and mentoring the broader team to improve the technical skillsets across the team.
In this advanced first-hand role, the post holder will proactively look to improve the overall CSIRT capability and analyst workflow. This will incorporate working with the required key stakeholders to extract the complete capability from all CSIRT toolsets and streamline the analyst workflow to drive efficiencies into the CSIRT ways of working.
Key Accountabilities
1. Provide thought leadership to extract as much value as possible from our existing capability and drive efficiencies into the CSIRT ways of working.
2. Effectively engage with required key stakeholders to ensure the platforms that the CSIRT relies on are fit for purpose, robust and continuously improved to utilize the complete capability associated.
3. Leverage advanced skillset to provide technical leadership during complex incident response activities.
4. Work with project teams to seamlessly onboard new capability to the CSIRT. Ensure you have identified and agreed requirements prior to handover.
What You'll Need
5. Extensive work experience in the Cyber Security industry, specifically monitoring, detection and incident response activities.
6. Strong experience baselining, of trending and improving CSIRT capabilities.
7. Strong experience of creating, tuning, and managing content across all common security toolsets.
8. Strong experience with operating security monitoring platforms (SIEM).
9. Strong experience of collaborating with key stakeholders to deliver both new and further improve existing capability within a CSIRT.
10. Demonstrated ability to lead the response to security incidents using commercial and/or open-source technologies.
11. Strong experience with Incident Response methodologies.
12. Strong experience mentoring other analysts.
13. Strong knowledge on the groups conducting targeted attacks on the energy sector and the associated tactics, techniques, and procedures (TTPs).
14. Strong understanding of networking protocols and infrastructure designs; including cloud infrastructures, routing, firewall functionality, host and network intrusion detection systems, encryption, load balancing, and other network devices.
15. Advanced first-hand experience with security technologies, including: Endpoint Detection & Response tools (EDR) Intrusion Detection & Prevention Systems (IDS/IPS) Security Information & Event Management (SIEM) Network Analysis tools - Wireshark, “tcpdump” Advanced Malware Analysis
16. Exceptional understanding of Windows and Linux Operating Systems
17. Exceptional understanding of TCP/IP and underlying network protocols
18. Strong experience with scripting in a scripting language such as Python, Bash, Powershell,
19. Solid experience in forensic analysis and the associated principles.
20. Ability to summarize events/incidents effectively to different constituencies such as legal counsel, executive management, and technical staff, in both written and verbal form.
21. At least two of the following certifications or equivalent experience: - GIAC Certified Forensic Analyst (GCFA), GIAC Reverse Engineering Malware (GREM), GIAC Cyber Threat Intelligence (GCTI), GIAC Certified Incident Handler (GCIH), GIAC Network Forensic Analyst (GNFA), GIAC Response and Industrial Defense (GRID), GIAC Certified Intrusion Analyst (GCIA), GIAC Penetration Tester (GPEN) or equivalent.
What You'll Get
A competitive salary between £50,000 – £72,000– dependent on capability
As well as your base salary, you will receive a bonus of up to 15% of your salary for stretch performance and a competitive contributory pension scheme where we will double match your contribution to a maximum company contribution of 12%. You will also have access to a number of flexible benefits such as a share incentive plan, salary sacrifice car and technology schemes, support via employee assistance lines and matched charity giving to name a few.
Security Clearance will be required for this role