Lead Cyber Operations Analyst (Ref: 189696)
- eTail
- Hybrid, Manchester, United Kingdom
- permanent
- £ 60930.00 per annum
About the role
About Us
Our client believes in making Britain more connected, so we can all lead smarter, greener lives. They are a relatively young company, with a very mature assignment. What they do will enable innovators to provide smart solutions for the future – something that has never been done anywhere in the world. They are true game-changers in that respect.
It’s an exciting time to join their business. Their universal, secure network will reach 30 million homes and businesses, making it the largest network in Britain. The organisation has evolved as quickly as it’s grown, and the scope of what they deliver – and what’s on their roadmap – goes far beyond their original remit.
Their people mission is clear: to motivate individuals to be the best they can be. In turn, this produces the best talent, helping the business remain high-performing and a great place to work.
They are good at what they do, but not perfect. They don’t always get things right, but when mistakes happen, they fail fast – fixing the problem, learning, and moving forward. They value all of their people, celebrate diversity, and operate within a culture of mutual respect where everyone feels included.
They are looking for people who are innovative and professional by default, with the drive to push themselves to be the best. If you want to grow within a fast-paced business and thrive in an environment of change, this is the place for you.
Job Description
This role will lead our approach to security response for our client, assisting with the toolsets, processes and capabilities required to effectively deliver a world-class Security Operations Centre. Responsibilities will include leading security investigations (including major incidents), building new detection content and developing the team through facilitating tabletop exercises and simulations.
You will be joining an exciting area and will be instrumental in supporting and advancing the operational security capabilities in the Cyber Security Team. There will be opportunity to work on and establish new security projects, as well as provide an advisory role to other elements of the business and wider smart energy industry on best practice.
The role will require you to establish positive relationships with key stakeholders in the Risk, Technology and Operations teams, as well as establishing yourself as a SME for cyber security within the organisation.
Key Responsibilities
Act as a technical escalation & primary point of contact for the Security Operations Manager, leading during security incidents, working collaboratively to establish the extent of an attack, the business impacts, and advising on how best to contain the incident along with system hardening and mitigation measures to prevent a recurrence.
Provide operational oversight on day-to-day activities within the team, ensuring incidents are escalated appropriately, and work with other functions to close recurring problems.
Provide supervisory support to the Security Operations Manager when necessary and help develop talent within the team through supporting junior analysts, technical training, and tabletop exercises.
Lead use case development through auditing, approval and assigning tasks across the team, alongside developing new detection content including machine learning analytics and Security Automation.
Update protective monitoring/SOC documentation, processes and procedures, ensuring their currency. Assist in the development of operational metrics and dashboard reporting.
Support in building and developing threat intelligence capabilities within DCC, creating a robust community across smart metering. Implementing industry-leading techniques and procedures to cultivate a highly respected and influential team.
Synthesise industry trends identified through threat intelligence into actionable insight and improvement initiatives across the organization & wider smart energy community.
Work collaboratively with internal and external teams to identify opportunities for security improvements. Review products that can advance our security capabilities, such as tools that support analysis/detection and other emerging technologies.
Gather forensic data and physical equipment to perform in-depth root cause analysis.
Requirements
Must have demonstrable experience in incident management and response, including leading investigations in complex environments where established processes may not fully apply, requiring initiative and adaptable problem-solving.
Ability to work independently and collaboratively to deliver personal and team objectives, liaising with relevant teams to build relationships.
Able to work under pressure and make judgment calls based on available information.
Previous experience within a Security Operations role.
In-depth understanding of the cyber threat landscape, advanced adversary tactics, and the MITRE ATT&CK framework.
Knowledge of cloud environments and SaaS applications such as AWS, Azure, Office 365, & Defender.
Must have the ability to gain and hold HMG Security Clearance at “Security Check” (SC) level.
Able to present information clearly to a range of audiences and influence decision making.
Desirable Skills:
Previous experience in a similar role (Senior SOC Analyst, Lv3 SOC Analyst, etc.)
Demonstrable experience of using Elasticsearch.
