Cyber Security Analyst

Working Arrangements: Monday to Friday 9.30am-5.30pm Hybrid work pattern.

Overall Objective of Role: The Cyber Security Operations Team is a critical component of the Thomas Miller security infrastructure, responsible for monitoring, detecting, and responding to security threats in real time. The team partners with a 3rd party to ensure constant vigilance over the security landscape. The Cyber Security Analyst detects, analyses, investigates and responds to alerts and threats within the environment.

Specific Responsibilities:

• Monitor security alerts, events, and potential threats using SOC tools.
• Respond to and investigate cyber security incidents, including malware outbreaks, phishing attempts and data breaches.
• Perform incident response, including triaging, investigation, and resolution of security incidents.
• Analyse network traffic, logs, and alerts to detect malicious activity.
• Conduct root-cause analysis on security breaches and vulnerabilities.
• Prepare and maintain detailed incident reports and post-incident documentation.
• Collaborate with other teams to improve overall security posture.
• Implement and follow standard operating procedures (SOPs) for threat management and incident response.
• Perform regular vulnerability assessments and recommend remediation.
• Stay updated with emerging security trends, vulnerabilities, and exploits.
• Participate in red and blue team exercises to simulate attack and defence scenarios.
• Collate and distribute monthly Threat Vulnerability Management (TVM) reports to senior stakeholders.

Person Specification:

• 1-3 years of experience working in a SOC or similar role.
• Experience with SIEM tools and performing security investigations.
• Strong understanding of networking concepts, protocols, and security principles.
• Knowledge of security incident handling, malware analysis, and threat intelligence.
• Excellent problem-solving skills and attention to detail.
• Experience with advanced threat detection techniques and tools.
• Hands-on experience with forensic analysis, malware reverse engineering, or penetration testing.
• Familiarity with regulatory frameworks (e.g., GDPR, FCA, PCI) and compliance requirements.
• Strong communication skills with the ability to translate technical details to non-technical stakeholders.

Technical Skills:

• Experience with SOC tools such as: SIEM (e.g., Splunk, IBM QRadar, ArcSight, Rapid7).
• Endpoint Detection and Response (EDR) (e.g., CrowdStrike, Carbon Black, SentinelOne, Rapid7).
• Vulnerability Management tools (e.g., Nessus, Qualys, Rapid7).
• Threat Intelligence Platforms (e.g., Recorded Future, ThreatConnect).
• Firewalls and Network Monitoring tools (e.g., Palo Alto, Cisco ASA, Checkpoint).
• Security Orchestration Automation and Response (SOAR) platforms (e.g., Demisto, Phantom).
• Experience with Web Gateway and Web Proxy tools (e.g., Netskope, Blue Coat, Zscaler, Forcepoint, Palo Alto).
• Strong knowledge of operating systems (Windows, Linux) and network protocols.
• Proficiency in analysing packet captures (Wireshark, TCPDump).
• Familiarity with scripting languages such as Python, Bash, or PowerShell.
• Experience with cloud security monitoring (AWS, Azure, GCP).
• Knowledge of incident management frameworks like NIST, MITRE ATT&CK.

Preferred Qualifications:

• Certification such as CompTIA Security+.
• Bachelor's degree in Computer Science, Information Security, or related field.

Seniority level: Associate

Employment type: Full-time

Job function: Information Technology

Industries: Insurance