Technical Operations Analyst Preston / Remote (onsite when needed) 12 months initially £41.94ph inside IR35 / Umbrella Working as part of a team safeguarding against cyber threats by developing and enhancing the Technical Operations capability across People, Process, and Technology, ensuring an efficient approach to all Cyber Operations.
The experience expected from applicants, as well as additional skills and qualifications needed for this job are listed below.
Proactively protecting the client through continual automation and testing of security controls.
Continuously working toward organisational, departmental, and individual objectives and upholding security standards and principles.
Providing assurance to the Head of Cyber Operations and Technical Operations Manager that the SOC is operating efficiently through the use of orchestration and automation.
Core Duties Typical duties include (but are not limited to): Identification of process that can be automated to make the SOC more effective.
Responsible for the overall delivery of the Technical Operations function by providing support to other members of the team to protect the clients systems against cyber threats.
Lead in the identification and the creation, maintenance and troubleshooting of SOAR playbooks, automations and enrichments.
Apply critical thinking to solve unique problems in the information security space.
Enhancing the processes around interacting with large datasets to construct actionable information to enhance the detection of suspicious activity within the business.
On boarding new data sources to increase the visibility of security event information across multiple technologies.
Creating security use cases to enable the wider SOC to respond to a wider array of threats.
Identify where automation can assist the Incident Response team when investigating suspicious activity.
Creation of analytic content to enable quantifiable metrics on SOC performance.
Additional Accountabilities Able to lead a small Data project or support a larger project Work as a fully contributory member of the Cyber Security Team with the ability to delivery with limited guidance from the Line Manager.
Expected to provide technical support to team members and provide support to individuals within specialist areas.
Guides others in application of IM&T and Cyber processes.
Manage own development including participating in on the job training and attending training programmes as appropriate.
Provide support to others development, including the development of people within specialist areas.
Responsible for training members of the team, monitoring their quality of work and contributing to pay decisions Knowledge, Skills and Qualifications A strong technical background with a detailed knowledge of cyber security, computer networks and operating systems.
Broad and detailed experience of technologies including but not limited to firewalls, IDS/IPS, Active Directory, endpoint protection, Windows Server, Linux, TCP/IP, Networks, Cloud, CDNs and Vulnerability Management.
Analytical background, comfortable analysing and interpreting large and complex data sets and articulating the story behind any observations along with providing conclusions and recommendations.
Detailed knowledge of the current threat landscape, the TTPs frequently employed in those attacks and how we can investigate and mitigate these.
Knowledge and demonstrable experience of the MITRE ATT&CK framework.
Good knowledge of enterprise computing technologies.
Skills Understanding of enterprise networking and computing Knowledge of Python 3 programming language Demonstrable experience in using SOAR tooling and its application Application of data science against large datasets involving unstructured data and designing data models Knowledge of using SIEM platforms to identify suspected security events and creating content to enhance the platform Knowledge of custom APIs to leverage the SOARs functionality Ability to communicate to other stakeholders across the business Technical documentation creation Mentoring junior members of the team The ability to obtain UK Government security clearance to SC Relevant industry and vendor qualifications such as CISSP, CISM, CompTIA security Cyber security framework knowledge such as MITRE ATT&CK Organisational, departmental, and individual objectives and upholding security standards and principles. xjlbheb
Providing assurance to the Head of Cyber Operations and Technical Operations Manager that the SOC is operating efficiently through the use of orchestration and automation.