CSIRT Analyst (SC Cleared)

Where: Warwick

Type: Contract

Salary: 750 Daily

CSIRT Analyst (SC Cleared) | Utilities | Hybrid: 3 days per week in Warwick | 6 months+ | £750 per day

In short: Due to increased workload, we require a strong CSIRT Analyst to join the team. The team operates at a high level and we're looking for someone who can work at Tier 1 and Tier 2 level. You'll be responsible for using a multitude of tools and for triaging and responding to events in an end-to-end capacity.

Essential: You must have current SC Clearance or lapsed SC (within 12 months).

In full:

Job Purpose

The UK CSIRT Tier 1 Analyst will deliver the actions and activities required and detailed in Cyber Incident Response plans. Using technical expertise and co-ordination capabilities, they will work within a team and individually to respond to incidents and security events.

The role requires the individual to have a high level of performance and individual ability.

About the Role

As part of the Cyber Security Incident Response Team (CSIRT), you will be employed within a global team as a Tier 1 CSIRT analyst within its Cyber Security Operations Centre (CSOC) located in Warwick.

We respond as one global team, US & UK, comprising analysts, senior analysts, principal analysts, & managers. This affords you a team you can query, learn from, and rely upon.

Additionally, we have procedures ingrained within our technology to assist your investigations from triaging to containment.

The UK position is a hybrid working role. Tues, Weds, Thurs onsite.

Key Accountabilities

Delivery

As a CSIRT Analyst you will monitor, respond to, and investigate cyber security incidents, ensuring that events are fully triaged and investigated end to end.

  • Respond to security events within the estate, including but not limited to:
      • Microsoft Azure Cloud.
      • Splunk SIEM.
      • Enterprise and OT Intrusion Detection/Prevention Systems (IDS/IPS).
      • Phishing Emails.
      • OT IDS.
      • Endpoint Detection & Response (EDR).
      • In-house curated use cases aligning to our security tooling and technology within Enterprise, OT and CNI.
      • Vulnerability reports.
      • Pentesting reports.
      • Operational Threat and Analytics (OTA) Team reports.
  • Focus on continuous improvement and personal development.
  • Provide continuous input into developing and maintaining incident response work instructions, processes, supporting documentation, SIEM automation and use cases.

What you'll need

We are open minded when it comes to hiring. If you are intellectually curious, a critical thinker, enjoy solving problems and possess the aptitude and attitude to learn, we would like to hear from you!

Desirable experience would include:

  • Ability to investigate a person's behaviour and illustrate anomalous behaviour observed.
  • Experience in packet capture analysis, EDR, IDS/IPS, SIEM and AV.
  • Knowledge of Windows/Linux/Mac Host internals.
  • Knowledge of Cloud, Azure, KQL, Scripting, Microsoft Defender.
  • Knowledge of network protocols and Windows enterprise domains.
  • Knowledge of MITRE ATT&CK tactics and techniques.
  • Knowledge of Splunk ES8.
  • Knowledge of OT and CNI working environments.
  • Knowledge of Kubernetes or associated Cloud Native Computing.
  • Excellent written and verbal communication skills.
  • Knowledge of IDS and IPS Snort rules.
  • Knowledge of Network perimeter security devices.
  • Security clearance.

Please be advised that if you haven't heard from us within 48 hours then unfortunately your application has not been successful on this occasion. We may, however, keep your details on file for any suitable future vacancies and contact you accordingly. Pontoon is an employment consultancy and operates as an equal opportunities employer.

We use generative AI tools to support our candidate screening process. This helps us ensure a fair, consistent, and efficient experience for all applicants. Rest assured, all final decisions are made by our hiring team, and your application will be reviewed with care and attention.
