Security Incident Coordination Analyst

As part of the SIC Team, you will:

• Monitor security tooling, conduct triage and analysis of alerts, events, and security incidents.
• Validate, verify, and report on protective or countermeasure solutions, both technical and administrative.
• Coordinate and investigate security incidents through to resolution.
• Collaborate with resolver groups to respond to and investigate security incidents.
• Manage functional mailboxes and respond to email inquiries from the account and clients.
• Oversee security ticket queues and review and raise security incidents in ticketing systems.
• Assist in security reporting, ensuring timely and quality delivery.
• Prepare and present reports using Microsoft PowerPoint and Excel.
• Provide Critical Incident Response Reports and lessons learned to stakeholders.
• Handle legal and law enforcement-related issues as necessary.
• Review security incidents periodically for trend analysis and recommend improvements or sales opportunities to the Security Delivery Lead.
• Respond to incidents following playbooks and the Security Incident Management Process.
• Advise the account on Critical Security Advisories, including responses to Threat Advisories, ModCerts, Carecert, and emergency patches.
• Develop and maintain a vulnerability management system for zero-day vulnerabilities.
• Manage security information requests from clients.
• Lead on complex incidents and ensure lessons learned are documented and processes are updated.
• Review and update SIC Team processes regularly.
• Ensure all obligations, like monthly reporting, are met on time and to standard.
• Keep the Security Delivery Lead informed of relevant incidents and issues.
• Provide standby (on-call) coverage for high-severity incidents as per rota.
• Work flexible hours as required, e.g., 8am-4pm or 10am-6pm.
• Maintain current security clearance or willingness to obtain one.

Training:

• Complete mandatory training in line with enterprise requirements and deadlines.
• Stay informed on threat actors, advanced persistent threats, and zero-day exploits.
• Show enthusiasm and a desire to develop skills and knowledge.

Person Specifications:

• Experience in handling, responding, and investigating cybersecurity incidents.
• Good analytical skills and experience with log analysis.
• Knowledge of protective monitoring tools (e.g., ArcSight, Tanium, McAfee, Symantec, MS Defender, Microsoft 365, Azure, Azure Sentinel).
• Threat and vulnerability management experience.
• Experience reviewing malware alerts and working in SOCs, ticketing systems, and stakeholder interactions.
• Strong relationship-building skills with colleagues and stakeholders.
• Understanding of security best practices and relevant legislation.
• Self-motivated with up-to-date knowledge of security threats and trends.
• Excellent communication, influencing, negotiating, and engagement skills.
• Leadership skills in team interactions.
• Sound judgment, decision-making, and problem-solving skills; ability to remain calm under pressure.
• Ability to meet tight deadlines and work effectively in high-pressure situations.
• Experience in writing procedures and reports.
• Ability to work independently and as part of a team.
• Recognized security qualifications (e.g., CISSP, CISM) or willingness to obtain them.
• Proven security industry experience, preferably in public sector or armed services.
• Knowledge of tools, equipment, and forensic requirements for incident response and evidence collection.