The in‑house Information Security team is a core part of our technology services structure with mature or evolving capability across all areas of digital security and cyber defence. This Cyber Defence Analyst will play a key role in solidifying the firm's security posture to ensure the confidentiality, integrity, and availability of the firm's systems and data. Weekend working is a requirement for this role, with exact shift patterns to be discussed at interview. All weekend hours are eligible for a premium payment, in addition to your base salary.
Responsibilities
* Investigate and prioritise Level 2 escalated events and alerts identified by the Managed Security Service Provider (MSSP) in Level 1 monitoring.
* Escalate events to senior colleagues and appropriate stakeholders when necessary.
* Investigate potential cyber‑security and data‑loss incidents raised by firm employees and third parties using the defined playbooks for the Cyber Defence team.
* Respond to inbound queries to the information security mailbox, consulting with senior colleagues for advice where required.
* Participate in incident‑response activities, including CSIRT activities, for confirmed incidents in local time zone:
o Conduct initial triage and investigation.
o Assist with containment, mitigation and remediation, ensuring forensic evidence is gathered and documented.
* Participate in security incident‑response exercises and contribute to post‑exercise reviews.
* Be part of the Cyber Defence on‑call rota, which may require out‑of‑hours work.
* Pick‑up and hand‑off incident‑response activities with the rest of the Belfast Cyber Defence team and other teams in different time zones as part of a 24‑7 follow‑the‑sun global model.
* Maintain awareness of current and emerging cyber threats, techniques and procedures (TTPs) using threat‑intelligence insights from the Threat and Vulnerability Management team.
* Assist with implementation and enhancement of new and existing cyber‑defence tools and processes.
* Contribute to the maintenance and improvement of playbook and process documentation for Cyber Defence.
* Collaborate with other areas of the firm (e.g. wider information security and IT teams) to improve the firm's security posture.
* Advise business stakeholders on Cyber Defence, translating complex technical concepts into business‑friendly language.
Qualifications
* At least 1+ year's experience in a security operations or similar technical security role.
* Operational‑level experience in at least two of the following domains: Security engineering, alert triaging, rule writing, incident response, digital forensics and incident response (DFIR), threat intelligence and management, vulnerability management, or security control testing.
* In‑depth understanding of networking and routing protocols (e.g. TCP/IP) and services (e.g. DNS, SMTP).
* Experience with cyber defence technologies and tooling, including:
o SIEM solutions
o Intrusion Detection/Prevention Systems (ID/PS)
o Threat and vulnerability management platforms
o Endpoint protection
o Firewalls
* Highly analytical mindset with strong problem‑solving skills.
* Ability to interpret data flows, assess security events and draw logical conclusions.
* Excellent written and verbal communication skills.
* Ability to collaborate effectively across technical and non‑technical teams.
* High level of personal integrity and ethics, demonstrating appropriate judgement.
* Genuine passion for continuous learning and development in cybersecurity.
* Additional qualifications that would be advantageous:
o Bachelor's degree in Information Security, Computer Science, Engineering, Technology or related field.
o Industry‑recognised certifications such as CISSP, CEH, CISM or CompTIA Security+.
o Practical programming or scripting experience with Python and PowerShell.
Should you require additional support at any stage of the recruitment process due to a disability or a health condition, please do not hesitate to contact a member of our recruitment team who will work with you to provide any adjustments as required.
#J-18808-Ljbffr