
Cyber Security Incident Response & Threat Intelligence Analyst

Thomas Miller
  • London, England, United Kingdom (GB)
Apply Now

About

Apply for the Cyber Security Incident Response & Threat Intelligence Analyst role at Thomas Miller.
Team Overview
The Cyber Security Operations Team monitors, detects, and responds to cyber threats across Thomas Miller’s estate. The team safeguards digital assets, protects the confidentiality, integrity, and availability of systems, and operates 24/7 to provide rapid response, vulnerability oversight, and actionable threat intelligence.
Responsibilities
Respond to and investigate cyber security incidents, including malware outbreaks, phishing attempts, insider threats, and digital forensics.
Continuously improve monitoring systems’ detection and response capabilities, procedures, and playbooks.
Lead incident response efforts for confirmed security incidents.
Automate analysis and response steps to reduce manual toil.
Prioritize creation of new SOC use cases to achieve optimal return on engineering effort.
Monitor security alerts and suspicious activities from a variety of SOC tools.
Utilize Microsoft security tools such as Microsoft Defender for Endpoint, Microsoft 365 Defender (now Microsoft Defender XDR), and Azure Security Center (now Microsoft Defender for Cloud) for detection, response, and mitigation.
Perform root‑cause analysis to determine how breaches or incidents occurred and implement long‑term prevention strategies.
Collaborate with IT and security teams to address vulnerabilities and strengthen security posture.
Conduct post‑incident analysis to identify improvement areas and lessons learned.
Maintain detailed records of incidents, including timelines, analyses, and resolutions.
Plan and execute monitoring system architectural changes.
Communicate effectively across multiple audiences and sensitivity levels.
Adopt best practices in security engineering across development, cryptography, network security, security operations, incident response, and threat intelligence.
Gather, analyze, and disseminate threat intelligence from internal and external sources.
Recommend intelligence‑driven improvements to SOC detection and controls.
Qualifications
Bachelor’s Degree in Cyber Security, Information Technology, or a related field.
3–5 years’ experience in SOC operations, incident response, threat intelligence, or similar roles.
Hands‑on experience responding to security incidents using SIEM and EDR tools.
In‑depth knowledge of networking, security principles, and threat‑detection methodologies.
Demonstrated ability to handle complex incident investigations and document findings effectively.
Practical experience in network‑ and host‑based digital forensics across multiple operating systems.
Strong organizational skills and attention to detail.
Excellent written communication skills with the ability to translate complex technical issues into clear, concise language.
Excellent communication skills for documenting incidents and providing post‑incident reports to non‑technical stakeholders.
Experience leading the deployment of a major SIEM platform (e.g., Splunk, QRadar, Sentinel, ArcSight) and/or EDR platform.
Technical Skills
Vulnerability management tools (e.g., Nessus, Qualys, Rapid7).
Threat intelligence platforms (e.g., Recorded Future, ThreatConnect, Mandiant).
SIEM (e.g., Splunk, IBM QRadar, ArcSight, Rapid7).
Endpoint Detection and Response (e.g., CrowdStrike, Carbon Black, SentinelOne).
Intrusion Detection/Prevention Systems (IDS/IPS) (e.g., Snort, Suricata).
Firewalls and network monitoring tools (e.g., Palo Alto, Cisco ASA, Check Point).
Security Orchestration, Automation and Response (SOAR) platforms (e.g., Demisto, now Palo Alto Cortex XSOAR; Phantom, now Splunk SOAR).
Web gateway and proxy tools (e.g., Blue Coat, Zscaler, Forcepoint, Palo Alto).
Strong knowledge of Windows, Linux operating systems and network protocols.
Packet‑capture analysis (e.g., Wireshark, TShark).
Scripting languages (Python, Bash, PowerShell).
Cloud security monitoring for AWS, Azure, and GCP.
Familiarity with incident‑handling guidance and adversary‑behavior frameworks (e.g., NIST SP 800‑61 for incident handling; MITRE ATT&CK as the reference for adversary tactics and techniques).
Preferred Qualifications
Industry certifications such as CISSP, GIAC (GCIH, GCIA, GCTI).
Experience with forensic investigations, malware analysis, and reverse engineering.
Familiarity with regulatory frameworks (GDPR, PCI DSS) and their impact on incident response.
Experience with advanced persistent threat (APT) detection and mitigation.
Comfort working in a 24/7 on‑call incident response environment.
Strong communication skills for documentation and stakeholder reporting.
5+ years’ experience in cyber security and adjacent fields.
2+ years’ experience in security engineering and scripting/coding.
Experience with Infrastructure as Code tools (e.g., Terraform).
Familiarity with cloud platforms (AWS, Azure, GCP).
Seniority level:
Mid‑Senior level
Employment type:
Full‑time
Job function:
Information Technology
Industries:
Insurance
This position is actively recruiting. Join our team to help protect Thomas Miller’s digital assets.

Language skills

  • English
Note for users

This job listing comes from a TieTalent partner platform. Click "Apply Now" ("Jetzt Bewerben") to submit your application directly on their website.