Cyber Security Analyst (Contract)

We are looking for a Cyber Security Analyst to work out of Erskine….. Project description The Tier 2 Cyber Security Analyst is a mid-Tier position within the Cyber Threat Analysis Centre (CTAC), responsible for advancing the initial work conducted by Tier 1 Analysts and providing more in-depth analysis of potential threats to the organization. This role is crucial in the escalated investigation, triage, and response to cyber incidents while supporting the development and training of Tier 1 Analysts. Conduct escalated triage and analysis on security events identified by Tier 1 Analysts, determining threat severity and advising on initial response actions. • Apply expertise in SIEM solutions utilizing Kusto Query Language (KQL), to perform log analysis, event correlation, and thorough documentation of security incidents. • Identify and escalate critical threats to Tier 3 Analysts with detailed analysis for further action, ensuring rapid response and adherence to service Tier objectives (SLOs). • Investigate potential security incidents by conducting deeper analysis on correlated events and identifying patterns or anomalies that may indicate suspicious or malicious activity. • Use OSINT (Open-Source Intelligence) to enrich contextual data and enhance detection capabilities, contributing to a proactive stance on emerging threats. • Collaborate with Tier 3 Analysts on tuning SIEM and detection tools to reduce false positives and improve alert fidelity, submitting tuning requests and testing configurations when necessary. • Identify gaps in current detection content and work with Senior Analysts to develop and validate new detection rules and use cases tailored to the organization’s threat profile. • Act as a mentor to Tier 1 Analysts, offering guidance on triage and analysis techniques and facilitating on-the-job training to elevate their technical skills and operational efficiency. • Assist in training sessions and knowledge-sharing activities, providing feedback on areas for growth and contributing to a supportive learning environment within the SOC. Understands advanced networking concepts, including IP addressing, basic network protocols, and how traffic flows within a network. • Advanced knowledge of Windows and Linux operating environments, including standard commands, file systems, and user authentication mechanisms. • ArcSight, Azure Sentinel) for monitoring and log analysis; some exposure to additional analysis tools such as basic XDR platforms. • Able to demonstrate proficient knowledge using Kusto Query Language (KQL) to search and filter logs effectively. • Familiar with open-source intelligence (OSINT) techniques to aid in identifying potential threats and gathering information. • Able to create concise, structured reports that outline findings from preliminary investigations and daily monitoring activities. • Shows initiative in learning new technologies and techniques, leveraging internal resources and training to grow professionally. • Able to function efficiently during high-pressure situations, following procedures to ensure consistent performance in incident management. University Degree/Diploma in Cyber Security or Equivalent experience • Other IT certifications or experience such as CISSP, COMPTIA CySA+, GCIA, GCIH Desirable • IT certifications such as CASP or ITIL • which means you must be British born with a sole British passport • Full Driving Licence • Fluent in written and spoken English Onsite at either Erskine, 6 month contract Circa £500/day inside IR35