Cyber Security Incident Response & Threat Intelligence Analyst

Cyber Security Incident Response & Threat Intelligence Analyst

Team Overview The Cyber Security Operations Team is responsible for monitoring, detecting, and responding to cyber threats across Thomas Millers estate. We ensure the protection of digital assets and safeguard confidentiality, integrity and availability of systems. Working in a fast‑paced environment, the SOC provides 24/7 vigilance, rapid incident response, vulnerability oversight and actionable threat intelligence to reduce cyber risk.

Who Are We Looking For

We are seeking a Cyber Security Incident Response & Threat Intelligence Analyst to strengthen our SOC capability. The successful candidate will focus primarily on incident response while also supporting threat intelligence analysis. This hybrid role ensures we can both react quickly to active threats and proactively reduce risk exposure through continuous threat monitoring and remediation efforts. The ideal candidate will have an in‑depth understanding of the overall security landscape, be experienced in cyber security incident response, with a keen ability to detect and respond to complex security incidents, tuning detection systems to spot attacker Tactics, Techniques, and Procedures (TTPs).

Responsibilities

• Respond to and investigate cyber security incidents, including malware outbreaks, phishing attempts, insider threats and handle digital forensics.
• Continuously improve our monitoring systems\’ detection and response capabilities as well as processes, procedures, and playbooks.
• Lead Incident Response efforts when dealing with confirmed security incidents.
• Automate analysis and response steps to reduce manual toil.
• Help prioritise the creation of new SOC use cases to ensure optimum ROI for engineering effort.
• Monitor security alerts and suspicious activities from a variety of SOC tools.
• Utilise Microsoft security tools such as Microsoft Defender for Endpoint, Microsoft 365 Defender, and Azure Security Centre to detect, respond to, and mitigate security incidents.
• Perform root cause analysis to determine how breaches or incidents occurred and implement long‑term prevention strategies.
• Collaborate with other IT and security teams to address vulnerabilities and strengthen security posture.
• Conduct post‑incident analysis to identify areas for improvement and lessons learned.
• Maintain detailed records of security incidents, including incident timelines, analysis, and resolutions.
• Plan and execute monitoring system architectural changes.
• Communicate effectively at multiple levels of sensitivity and multiple audiences.
• Recognise, adopt and install the best practices in security engineering fields throughout the organisation: development, cryptography, network security, security operations, incident response, security intelligence.
• Gather, analyse and disseminate threat intelligence from internal and external sources.
• Provide intelligence‑driven recommendations for improved SOC detection and controls.

Technical Skills

• Hands‑on experience with vulnerability management tools (e.g., Nessus, Qualys, Rapid7).
• Familiarity with threat intelligence platforms (e.g., Recorded Future, ThreatConnect, Mandiant).
• Experience with SOC tools such as SIEM (e.g., Splunk, IBM QRadar, ArcSight, Rapid7), Endpoint Detection and Response (EDR) (e.g., CrowdStrike, Carbon Black, SentinelOne, ArcSight), Intrusion Detection/Prevention Systems (IDS/IPS).
• Experience with Web Gateway and Web Proxy tools (e.g., Blue Coat, Zscaler, Forcepoint, Palo Alto).
• Strong knowledge of operating systems (Windows, Linux) and network protocols.
• Proficiency in analysing packet captures (Wireshark, tcpdump).
• Experience with cloud security monitoring (AWS, Azure, GCP).
• Knowledge of incident management frameworks like N, MITRE ATT&CK.

Education and Experience

• Bachelor’s Degree in Cyber Security, Information Technology, or a related field.
• 3–5 years of experience in SOC operations, incident response, threat intelligence, or similar roles within a SOC environment.
• Hands‑on experience responding to security incidents using SIEM and EDR tools.
• In‑depth knowledge of networking, security principles, and threat detection methodologies.
• Demonstrated ability to handle complex incident investigations and document findings effectively.
• Practical experience in network‑ and host‑based digital forensics across multiple operating systems.
• In‑depth experience working with a variety of monitoring tools, including SIEM, endpoint security, intrusion detection/prevention, packet analysis, CASB and SOAR.
• Knowledge of open security testing standards and projects, including OWASP and the MITRE ATT&CK Matrix.
• Strong organizational skills and attention to detail.
• Excellent written communication skills, with a focus on translating technically complex issues into simple, easy‑to‑understand concepts for non‑technical stakeholders.

Preferred Qualifications

• Industry certifications such as CISSP, GIAC (GCIH, GCIA, GCTI).
• Experience with forensic investigations, malware analysis and reverse engineering.
• Familiarity with regulatory frameworks (e.g., GDPR, PCI DSS) and their impact on incident procedures.
• Experience with advanced persistent threat (APT) detection and mitigation.
• Ability to work in a24/7 on‑call incident response environment.
• Excellent communication skills, with the ability to clearly document incidents and provide post‑incident reports to non‑technical stakeholders.
• Experience leading the deployment of a major SIEM platform (Splunk, QRadar, Sentinel, ArcSight, etc.) and/or EDR platform (CrowdStrike, Defender for Endpoint, Cybereason, etc.).
• 5+ years of experience in cyber security and adjacent fields such as systems engineering, network management, cloud security, and/or application security.
• 2+ years in a security engineering position or 2+ years of scripting/coding experience with one or more languages.
• Relevant industry certifications, a degree in cyber security or adjacent fields, or cyber security boot camps.
• Experience in Python, PowerShell, Bash.
• Experience with an Infrastructure as Code tool like Terraform.
• Familiarity with cloud platforms like AWS, Azure, GCP.