We have an exciting opportunity for a Cyber Defence Senior Analyst to join our growing Information Security team, based in the A&O Shearman’s Belfast office.
The in-house Information Security team is a core part of our technology services structure with mature or evolving capability across all areas of digital security and cyber defence. This Cyber Defence Senior Analyst will perform a critical role in solidifying the firm's security posture, focusing on the in-depth analysis, and effective response to cyber security events and incidents within their time-zone. They will also contribute to the effectiveness and cohesion of the Cyber Defence team by providing guidance to, and sharing knowledge with, more junior Cyber Defence Colleagues.
Please note that weekend working is a requirement for this role, with exact shift patterns to be discussed at interview. All weekend hours are eligible for a premium payment, in addition to your base salary.
What you will do
Investigating escalations:
1. Investigate Level 2 escalated events and alerts which have been detected through Level 1 monitoring activities by the firm’s Managed Security Service Provider (MSSP) to identify potential incidents. Escalate these events further to senior colleagues and appropriate stakeholders when necessary.
2. Assist and advise junior colleagues during investigations where additional experience is required.
Incident Response:
3. Conduct initial triage and investigation of confirmed incidents.
4. Perform containment, mitigation, and remediation activities for incidents, ensuring that any required forensic evidence is gathered and documented appropriately along the process.
5. Participate in security incident response exercises and contribute to post-exercise reviews.
6. Be part of the Cyber Defence on-call rota, which may require out-of-hours work.
7. Pick-up and hand-off incident response activities with the rest of the Belfast Cyber Defence team to other teams in different time-zones across the globe, as per our 24-7 follow-the-sun global model.
Documentation and Process Improvement:
8. Maintain and improve playbooks and process documentation for Cyber Defence.
9. Ensure documentation reflects current threat landscapes and operational practices.
10. Implement and enhance cyber defence tooling and processes under senior oversight.
11. Develop new detection definitions and use cases for monitoring tools.
Mentoring, Collaboration, and Support:
12. Mentor junior colleagues to support their professional development and operational effectiveness.
13. Collaborate with other teams (e.g. Information Security, IT) to implement security controls and raise awareness.
14. Support the Threat and Vulnerability Management team in remediation activities by executing system and configuration changes.
15. Maintain awareness of current and emerging cyber threats, techniques, and procedures (TTPs) using threat intelligence insights from the Threat and Vulnerability Management team, applying this knowledge in daily operations.
16. Provide cyber defence guidance to business stakeholders, translating technical concepts into business language.
17. Maintain awareness of current and emerging cyber threats, techniques, and procedures (TTPs).
18. Assist the Information Security GRC team with client queries and audits from a cyber defence perspective.
What you will have
19. At least 3 years+ experience in a security operations or similar technical security role.
20. Operational-level experience in at least two of the following domains; Security engineering, Alert triaging, Rule writing, Incident response, Digital Forensics and Incident Response (DFIR), Threat intelligence and management, Vulnerability management, or Security control testing.
21. Strong understanding of networking and routing protocols (e.g. TCP/IP) and core services (e.g. DNS, SMTP).
22. Familiarity with cyber defence technologies and tooling, including:SIEM solutionsIntrusion Detection & Prevention Systems (ID/PS)Threat and vulnerability management platformsEndpoint protectionFirewalls
23. Highly analytical mindset with the ability to interpret data flows, assess anomalies, and draw meaningful conclusions.
24. Demonstrated ability to investigate complex security issues and propose effective solutions.
25. Excellent verbal and written communication skills, translating cyber security terminology into professional and straightforward language suitable for a global law firm which includes technical and non-technical teams.
26. High level of personal integrity and ethics, demonstrating an appropriate level of judgement.
27. A genuine passion for continuous learning and development in cybersecurity, staying up-to-date with the latest developments, trends, and technologies in the field.
You will stand out if you have
28. Bachelor’s degree in Information Security, Computer Science, Engineering, Technology, or a related field.
29. Industry-recognised certifications such as:CISSP (Certified Information Systems Security Professional)CEH (Certified Ethical Hacker)CISM (Certified Information Security Manager)CompTIA Security+
30. Experience working with major cloud service providers (CSPs) technologies, such as: Microsoft Azure Google Cloud Platform (GCP) Amazon Web Services (AWS)
31. Prior legal firm or professional services firm experience
32. Practical experience with scripting languages such as Python or PowerShell to support automation and tooling enhancements.