Job Description
Role: Cyber Defence Analyst
Contract Length: 31/3/25
Location: West Midlands (5 days/week on site)
IR35: INSIDE
Rate: £795/day
Security Clearance: DV
Minimum Requirement:
- Strong Cyber defence experience
- Working in Enterprise SOC
- SIEM
- Understanding of different frameworks - Cyber Kill Chain / MITRE ATT&CK
The Role
- Develop and integrate security event monitoring and incident management services.
- Respond to security incidents as they occur as part of an incident response team.
- Implement metrics and dashboards to give visibility of the Enterprise infrastructure.
- Use of the SOAR platform to assist with playbook automation and case management capabilities to streamline team processes and tools.
- Produce documentation to ensure the repeatability and standardisation of security operating procedures.
- Develop additional investigative methods using the SOC’s software toolsets to enhance recognition opportunities for specific analysis.
- Maintain a baseline of system security according to latest threat intelligence and evolving trends.
- Participate in root cause analysis of incidents in conjunction with engineers across the enterprise.
- Provide Subject Matter Expertise (SME) on a broad range of information security standards and best practices.
- Offer strategic and tactical security guidance, including evaluating requirements for technical controls.
- Be part of the CRM process.
- Liaise with the SOC engineers to maintain up-to-date dashboards of security alerts, to allow the organisation to better respond to an incident.
- Document, validate and create operational processes and procedures to help develop the SOC.
- Assist in identifying, prioritising, and coordinating the protection of critical cyber defence infrastructure and key resources.
Desired Skills/Experience:
- Elastic Stack proficiency.
- Previous experience of Enterprise ICS/network architectures and technologies.
- Experience and knowledge of SIEM solutions, including the ability to identify, create, deploy and tune use cases.
- Previous experience of utilising the MITRE ATT&CK and Cyber Kill Chain frameworks.
- Skilled in using virtualisation software.
- Knowledge of key security frameworks (e.g. ISO, NIST 800-53).
- Ability to document and report security incidents clearly and concisely.
- Experience of writing Defence/Government documentation.
- Creation, development and management of security alert dashboards.
Desirable Qualifications:
- Broad Spectrum Cyber Course (CompTIA Sec+, SANS SEC401 or SEC501 or equivalent)
- SIEM Design, Architecture and Analyst Course (SANS SEC455 or SEC555 or equivalent)
Vetting: DV.
Disability Confident
As a member of the disability confident scheme, CLIENT guarantees to interview all candidates who have a disability and who meet all the essential criteria for the vacancy. In cases where we have a high volume of candidates who have a disability who meet all the essential criteria, we will interview the best candidates from within that group.
Armed Forces Covenant
CLIENT is proud to support the Armed Forces Covenant and as such, we guarantee to interview all veterans or spouses / partners of military personnel who meet all the essential criteria for the vacancy. In cases where we have a high volume of ex-military candidates / military spouses or partners, who meet all of the essential criteria, we will interview the best candidates from within that group.
If you qualify for the above, please notify us on 0121 794 8181.
We will be in touch to discuss your suitability and arrange your Guaranteed Interview.
Should you require reasonable adjustments at any point during the recruitment process or if there is a more accessible way for us to communicate, please do let me know.
To apply for this role please submit your latest CV or contact Aspect Resources on 0121 794 8181