
CSIRT Analyst; SC Cleared

Job in Nottingham, Nottinghamshire, NG1, England, UK
Listing for: Pontoon Solutions
Full Time position
Listed on 2026-02-17
Job specializations:
  • IT/Tech
    Cybersecurity, Network Security, IT Support
Job Description & How to Apply Below
Position: CSIRT Analyst (SC Cleared)

In short:

Due to increased workload, we require a strong CSIRT Analyst to join the team. The team operates at a high level and we’re looking for someone who can work at Tier 1 and Tier 2 level. You’ll be responsible for using a multitude of tools, and for triaging and responding to events in an end-to-end capacity.

Essential:

You must have current SC Clearance or lapsed SC (within 12 months).

In full:

Job Purpose

The UK CSIRT Tier 1 Analyst will deliver the actions and activities required and detailed in Cyber Incident Response plans. Using technical expertise and co‑ordination capabilities, they will work both within a team and individually to respond to incidents and security events.

The role requires the individual to have a high level of performance and individual ability.

About the Role

As part of the Cyber Security Incident Response Team (CSIRT), you will be employed within a global team as a Tier 1 CSIRT analyst within its Cyber Security Operations Centre (CSOC) located in Warwick.

We respond as one global team, US & UK, comprising analysts, senior analysts, principal analysts, & managers. This affords you a team you can query, learn from, and rely upon.

Additionally, we have procedures ingrained within our technology to assist your investigations from triaging to containment.

Key Accountabilities

Delivery

  • As a CSIRT Analyst you will monitor, respond to, and investigate cyber security incidents, ensuring that events are fully triaged and investigated end to end.
  • Respond to security events within the estate, including but not limited to:
      • Splunk SIEM.
      • Enterprise and OT Intrusion Detection/Prevention Systems (IDS/IPS).
      • Phishing Emails.
      • OT IDS.
      • In‑house curated use cases aligning to our security tooling and technology within Enterprise, OT and CNI.
      • Vulnerability reports.
      • Operational Threat and Analytics (OTA) Team reports.
  • Focus on continuous improvement and personal development.
  • Provide continuous input into developing and maintaining incident response work instructions, processes, supporting documentation, SIEM automation and use cases.

What you'll need

We are open minded when it comes to hiring. If you are intellectually curious, a critical thinker, enjoy solving problems and possess the aptitude and attitude to learn, we would like to hear from you!

Desirable experience would include
  • Ability to investigate a person's behaviour and illustrate anomalous behaviour observed.
  • Experience in packet capture analysis, EDR, IDS/IPS, SIEM and AV.
  • Knowledge of Windows/Linux/Mac Host internals.
  • Knowledge of Cloud, Azure, KQL, Scripting, Microsoft Defender.
  • Knowledge of network protocols and Windows enterprise domains.
  • Knowledge of MITRE ATT&CK tactics and techniques.
  • Knowledge of Splunk ES8.
  • Knowledge of OT and CNI working environments.
  • Knowledge of Kubernetes or associated Cloud Native Computing.
  • Excellent written and verbal communication skills.
  • Knowledge of IDS and IPS Snort rules.
  • Knowledge of Network perimeter security devices.
  • Security clearance.

Pontoon is an employment consultancy and operates as an equal opportunities employer.
