JOB SUMMARY
As a Cyber Security Analyst, you will play
a key role in strengthening our security posture by monitoring and assessing
security alerts, responding to security incidents, managing endpoint security
software, conducting quarterly access reviews, and helping put preventative
controls in place. Working within our growing Cyber Security department, you
will dive deep into security logs, identify anomalies, filter out the noise,
and help maintain a robust defence across our infrastructure - including
Microsoft 365, cloud gateways, and corporate systems. This role reports to the
Cyber Security Lead.
DUTIES & RESPONSIBILITIES
1. Continuous Log Review & Monitoring
· Monitor, aggregate, and analyse security logs from multiple sources - SIEM, firewalls, Endpoint Detection & Response (EDR), and email security gateways - to detect potential security incidents.
· Maintain ongoing visibility across the environment to surface suspicious activity and emerging threats at the earliest opportunity.
2. Triage & Escalation
· Filter false positives from genuine anomalies and investigate alerts to determine their validity and impact.
· Escalate validated security threats to department leadership with clear, well-structured documentation.
3. Incident Response & Documentation
· Support the response to security incidents, helping to contain, investigate, and remediate threats.
· Assist in drafting incident timelines and maintaining incident logs for the past 12 months to support regulatory and compliance audits.
4. Endpoint & Preventative Security
· Manage and maintain endpoint security software across corporate devices.
· Help design and implement preventative controls and prevention systems to reduce the organisation's attack surface.
5. Access Reviews & Governance
· Conduct quarterly access reviews to validate user permissions and enforce least-privilege access.
· Strengthen Cyber Security governance, audit readiness, and control discipline through consistent review practices.
6. Logging Health & Status Checks
· Ensure logging mechanisms across the infrastructure are active, functioning correctly, and adhering to company retention policies.
· Identify and follow up on gaps in log coverage or retention to maintain audit integrity.
7. Threat Intelligence Monitoring
· Monitor threat intelligence feeds, vendor advisories, and CVE disclosures to stay ahead of emerging threats and attacker techniques.
· Apply indicators of compromise (IOCs) and threat intelligence to detection rules and proactive threat-hunting across the environment.
8. Vulnerability Management Support
· Assist with regular vulnerability scans across endpoints, servers, and cloud workloads, and help interpret the results.
· Track identified vulnerabilities through to remediation, working with IT teams to prioritise fixes based on risk and exposure.
CANDIDATE’S PROFILE
Qualifications & Experience
Required
· Bachelor’s degree in Computer Science, Network Engineering, or Cyber Security.
· Minimum 1 year of professional experience in a Security Operations Centre (SOC) environment or a dedicated IT security role.
· Practical, demonstrable experience using a SIEM tool (e.g., Splunk, LogRhythm, or similar) to query, filter, and analyse event logs.
· Hands-on experience with modern security tools and frameworks, including the NIST Cybersecurity Framework (CSF 2.0).
Key competences (Knowledge, Skills, Attitudes, Behaviours)
· Log Parsing & Interpretation: Deep understanding of how to read and interpret Event IDs, Syslog data, Windows/Linux security logs, and cloud audit trails.
· Network & Cloud Protocols: Solid grasp of core networking concepts (TCP/IP, DNS, HTTP/S) and cloud environments, specifically Microsoft 365 / Entra ID.
· Phishing & Email Security: Familiarity with email authentication standards (SPF, DKIM, DMARC) and analysing email headers for malicious traits.
· Scripting: Basic proficiency in PowerShell, KQL (Kusto Query Language), or Python to automate routine log-filtering tasks.
· The "Detective" Mindset: Exceptional analytical skills and an innate curiosity to dig into data until an anomaly is fully explained.
· Clear Communicator: Ability to translate complex log data into clean, concise notes for leadership and incident-response timelines.
· Time Management: Highly organised and able to stay focused and prioritise during high-volume alert periods.