Advanced Cybersecurity Specialist

This is a challenging role that requires strong technical skills and excellent communication abilities. As a senior cybersecurity analyst, you will be responsible for leading incident response efforts and providing expert advice to junior analysts.

• You will take full ownership of incidents escalated by junior analysts and conduct complex investigations to identify root causes.
• You will develop customized scripts and procedures to automate repetitive tasks and improve the efficiency of incident response activities.
• You will provide expert advice on incident remediation and recovery efforts and develop threat remediation strategies.
• You will perform proactive analysis of the company's attack surface and advise on potential threats and attack vectors.
• You will review and provide feedback on security control capability gaps based on security intrusion trends.
• You will create and refine runbooks/playbooks for all alerts and on-board log sources.
• You will fine-tune EDR and other tooling to exclude noise and false positives.
• You will create and fine-tune content in SIEM - correlation rules, Dashboard and Reports.
• You will interact with SIEM, EDR and other SOC tooling vendors (TAC Support) to remediate any issues with tooling.
• You will monitor API threat detection, reporting and containments.
• You will demonstrate experience in conducting digital forensics investigations relating to incident detection and response.
• You will be responsible for making decisions and identifying required actions during high-severity security incidents.
• You will advise the Head of SOC, CISO and CSO on appropriate containment, eradication, and remediation measures.
• You will provide an after-hours point of escalation for critical incidents.
• You will define the operational roadmap and key metrics for incident detection and response.
• You will collaborate with internal stakeholders to align on and implement security incident detection and response processes.
• You will develop SOC security incident policies and investigation procedures, for use across multiple information systems and teams.
• You will conduct compliance monitoring and perform SOC/SIEM security control testing.
• You will analyze, define, and manage the delivery of new SIEM rules.
• You will conduct use case testing and modify or create as and when required.
• You will create new custom detection rules using KQL.
• You will design and implement SIEM and EDR enhancements and configurations.

To succeed in this role, you will need to have the following skills and qualifications:

• Good knowledge of Microsoft Defender and Microsoft Sentinel, including developing complex KQL queries.
• Experience in performing digital forensics investigations.
• Experience in developing scripts (Python, Powershell, etc.) quickly in reaction to incidents.
• Demonstrate experience of good knowledge in information security principles applied to architecture, networks & systems, digital forensics, security risk assessments and software development).
• Good knowledge and understanding of technologies utilized in cyber security (SIEM, SOAR, Firewalls, IAM, IDS/IPS, Anti-malware, End Point Protection, Database Security, Threat management/intelligence).
• Actionable knowledge of MITRE ATT&CK framework.
• Effective knowledge of exploitable vulnerabilities and remediation techniques.
• Experience in automating manual processes for responding to security incidents.
• Experience in threat intelligence and CERT/CSIRT activities.
• Knowledge of current threat actor techniques.
• Understanding of threat landscapes and threat modelling, security threat and vulnerability management, and security monitoring.
• Awareness of tools and techniques used by attackers to enter corporate networks, including common IT system flaws and vulnerabilities.

In addition to a competitive salary and benefits package, you will also have the opportunity to work with a talented team of cybersecurity professionals and contribute to the development of the company's cybersecurity program.

The company is committed to providing ongoing training and development opportunities to its employees, including certification programs and conference attendance.