Job Description
Cyber Threat Analyst Roles and Responsibilities Tier 2 Analyst
* You must hold a UK passport only due to security clearance requirements. Only single nationality applicants are accepted. (2nd passport holders, OCI & ILR candidates cannot be considered). You must have been in the UK for the last 5 years. *
*This role is based onsite in DXC Erskine and involves a rotational 24x7 shift pattern.*
**MUST have at least 6 months of experience with SIEM technologies**
Job Overview
The Tier 2 Cyber Security Analyst is a mid-level position within the Cyber Threat Analysis Centre (CTAC). Responsible for advancing initial investigations conducted by Tier 1 Analysts, providing in-depth analysis of potential threats, and supporting escalated incident response. The role involves collaboration with senior and junior analysts to ensure effective SOC operations and acts as a bridge between foundational and advanced threat detection and response functions.
Responsibilities
1. Conduct escalated triage and analysis on security events identified by Tier 1 Analysts, assessing threat severity and advising on initial response actions.
2. Utilize expertise in SIEM solutions, especially Kusto Query Language (KQL), for log analysis, event correlation, and documentation of security incidents.
3. Identify and escalate critical threats to Tier 3 Analysts with detailed analysis for further action, ensuring compliance with service level objectives (SLOs).
4. Investigate potential security incidents through deeper analysis of correlated events, identifying patterns or anomalies indicating malicious activity.
5. Use OSINT techniques to enrich security data and enhance detection capabilities, contributing to proactive threat management.
6. Monitor the threat landscape, document findings, and share insights with CTAC teams to improve situational awareness.
7. Follow established incident response playbooks, provide feedback for process improvements, and suggest updates to enhance response times.
8. Coordinate with Tier 3 Analysts and management to refine detection and response workflows, supporting SOC maturity.
9. Collaborate on tuning SIEM and detection tools to reduce false positives and improve alert accuracy, including submitting tuning requests and testing configurations.
10. Identify gaps in detection content and work with Senior Analysts to develop and validate new rules and use cases tailored to organizational threats.
11. Mentor Tier 1 Analysts, guiding triage and analysis techniques, and facilitate on-the-job training to improve team skills.
12. Assist in training sessions and knowledge-sharing activities, providing feedback and contributing to a supportive learning environment within the SOC.
Knowledge and Skills
* Understanding of advanced networking concepts, including IP addressing, network protocols, and traffic flow.
* Proficiency in Windows and Linux OS environments, including commands, file systems, and authentication mechanisms.
* Experience with SIEM solutions (e.g., ArcSight, Azure Sentinel) and familiarity with analysis tools like XDR platforms.
* Proficient in Kusto Query Language (KQL) for log searches and filtering.
* Knowledge of OSINT techniques for threat identification and information gathering.
* Effective communication skills, capable of explaining technical issues to both technical and non-technical audiences.
* Ability to produce clear, structured reports on investigations and monitoring activities.
* Strong workload management skills to ensure timely task completion.
* Willingness to collaborate, accept guidance, and learn continuously.
* Ability to operate effectively under pressure, following procedures during incident management.
Education and Professional Experience
* University Degree/Diploma in Cyber Security or equivalent experience.
* Desirable certifications: CISSP, CompTIA CySA+, GCIA, GCIH.
* Additional certifications such as CASP or ITIL are advantageous.
* Experience in a SOC or equivalent environment.
* SC/DV clearance is preferred.
Other Requirements
* Full Driving Licence.
* Fluent in written and spoken English.
Recruitment fraud warning: DXC does not make employment offers via social media or ask for payments at any stage. For more information, click here.
#J-18808-Ljbffr