Our Current Vacant Roles and Services
AST-2606-CSO01
Cyber Security Operations - Senior Analyst
£650–700 per day (Inside IR35)
About the role — Overview
Astuco is recruiting a Cyber Security Operations – Senior Analyst to join the Security Operations Centre (SOC) of a major defence and security client. Reporting to the Service Operations Lead, you’ll own the people, processes and technology that deliver the PROTECT, DETECT and RESPOND controls of the NIST Cyber Security Framework. This is a hands-on senior role for an experienced SOC practitioner who can maintain and optimise detection tooling, lead on vulnerability and incident management, and help shape the wider SOC strategy. Current DV clearance is essential.
Responsibilities
- Maintain the SOC PROTECT, DETECT and RESPOND toolsets day to day, and support the development, implementation and configuration of new or revised tooling.
- Drive optimisation and automation across the toolset, maintaining full visibility of all assets and independent assurance that each one is managed within the security wrap.
- Own vulnerability scanning tooling and planning, and contribute to the wider SOC strategy.
- Integrate standard and non-standard log sources into the SIEM, and optimise threat detection across DLP, SIEM, advanced email protection, EDR, antivirus and IPS/IDS.
- Lead vulnerability and incident identification, assessment, quantification, reporting, communication, mitigation and monitoring (including IOCs).
- Review and respond to change requests for SOC tooling, logging and monitoring.
- Write detection signatures, tune systems and tools, and develop automation scripts and correlation rules.
- Maintain current knowledge of adversary TTPs and conduct forensic analysis, engaging third-party resources where required.
- Ensure compliance with SLAs, KPIs and defined processes; drive continuous improvement and corrective action.
- Manage, administer and maintain security devices; coordinate with internal and external stakeholders.
Candidate Requirements — Essential
- Current DV clearance.
- Strong hands-on experience implementing, maintaining and configuring SIEM and SOAR platforms and the surrounding security tooling, including Trend Micro, Tripwire, Tanium, Clearswift, Elastic and SolarWinds.
- Ability to understand, modify and create threat-detection and correlation rules, and engineer dashboards correlating data across multiple sources.
- Solid knowledge of Windows and Linux.
- Forensics, malware analysis (including reverse engineering to create IOCs/rules) and threat intelligence.
- Log collection/aggregation, e.g. ELK, syslog-ng, Windows Event Forwarding.
- Strong background in attacker TTPs and IoCs; technical understanding of current threats and trends.
- Familiarity with IDS, web application firewalls and IP reputation systems.
- Scripting in Python, Perl, PowerShell, Bash or equivalent, plus network forensics tooling.
- ISO 27001:2022 controls, MITRE ATT&CK framework, and ITIL v3/v4 Foundation.
Candidate Requirements — Desirable
CompTIA A+, Security+, CySA+ or PenTest+ · MCSE · SANS 504 (Incident Handling) and SANS 511 (Continuous Monitoring).
How to Apply
If you're excited by the opportunity to join Astuco Ltd and make a real impact on complex technical solutions, we'd love to hear from you. Please submit your CV and a brief cover outlining your relevant experience and why you're interested in this role to: recruitment@astu.co