Cyber Defence Analyst

As a Cyber Defence Analyst you will join the Cyber Fusion Center performing in-depth analysis assessment and response to security threats by following documented policies to meet Service Level Goals. The team provides global 24x7 security operations and monitoring for cybersecurity events affecting Experian.You will be a part of the first line of defence in Experians broader incident response and incident management departments responsible for receiving and prioritizing cybersecurity alerts including being the dedicated contact for potential security incidents reported by users (e.g. Experian employees). Depending on the results of assessment this team is then responsible for investigating containing eradicating and recovering from events falling in its scope or escalating higher-risk events to dedicated incident response and management teams in the CFC.This role is critical in ensuring the handling of potential threats and plays a part in improving security operations.This is a home based role reporting to the Director of Security Operations for SecOps & Threat Detection.Please note that in this role you will have an 8x5 Monday-Friday schedule with flexibility to respond to after-hours pages for potentially major security incidents to support incident response efforts and may include assignment to an on-call rotation for evenings weekends holidays.Summary of Primary ResponsibilitiesAs the Cyber Defence Analyst you will:Contribute to daily security operations by overseeing response activities for security events and alerts associated with cyber threats intrusions and compromises alongside a team of global security analysts following documented SLOs and processes.Analyze events using security tooling and logging (e.g. SIEM EDR) and assess potential risk / severity level of cyber threats; escalate higher-risk events to dedicated incident response and management teams in the CFC according to established processes.Collaborate with external teams for incident resolution and escalations driving incident handlingNotify team Lead(s) of concerns related to operations such as anomalous changes in metrics notable open incidents quality concerns or observed risks; support with resolution if appropriateManage and complete assigned caseload throughout the incident response lifecycle including analysis containment eradication recovery and lessons learned.Maintain all case documentation including notes analysis findings containment steps and cause for each assigned security incident. Ensure incident updates or contact with end-users are performed promptly and documented.Help improve relevant strategies Standard Operating Procedures (SOPs) and training materialsSupport managements overall strategy for CFC by participating in execution of improvement programs together with managements plansAssist the team Leads and management on use case development by suggesting enhancement or tuning of use cases to improve the security posture of ExperianQualifications : Some information security experience working within a Security Operations Center or Cyber Security Incident Response TeamsBachelors Degree in Computer Science Computer Engineering Information Systems Information Security or professional certification related to Digital Forensics Incident Response or Ethical Hacking (e.g. GCIH CEH GCFE GCFA and CFCE).Knowledge of main concepts related to the Incident Response Life Cycle MITRE ATT&CK Framework Cyber Kill Chain and other cybersecurity frameworks.High-level understanding of common intrusion methods and cyber-attack tactics techniques and procedures (TTPs) and common industry recommendations to prevent and respond to threats such as phishing malware network attacks suspicious activity data security incidents.Exposure to technical elements of common Operating Systems (Windows Linux Mac OS) Networking (Firewalls Proxies NetFlow) Cloud Infrastructure (AWS Azure GCP) and Security Technologies (Anti-Virus Intrusion Prevention Web Application Firewalls)Interest in developing knowledge across common Incident Response and Security Monitoring applications such as SIEM (e.g. Qradar Splunk) EDR (e.g. FireEye HX CrowdStrike Falcon Microsoft Defender) and SOAR (Palo Alto XSOAR Google Secops / Chronicle)Desire to build technical skills and hands-on knowledge in the following areas of security operations and incident responseIn-depth packet analysis skills core forensic familiarity incident response skills public could security practices and data fusion skills based on multiple security data sourcesSecurity analysis and architecture of Azure and AWS cloud environment using security tools including Defender for Cloud GuardDuty CloudTrail or CloudWatch.System administration on Unix Linux or WindowsNetwork forensics logging and event managementDefensive network infrastructure (operations or engineering)Vulnerability assessment and penetration testing conceptsMalware analysis concepts techniques and reverse engineeringIn-depth knowledge of network and host security technologies and products (such as firewalls network IDS scanners) and improve these skillsSecurity monitoring technologies such as SIEM IPS/IDS UEBA DLP among othersScripting and automationAdditional Information : Benefits package includes:Flexible work environment working hybrid or in the office if you prefer.Great compensation package and discretionary bonus planCore benefits include pension bupa healthcare sharesave scheme and more25 days annual leave with 8 bank holidays and 3 volunteering days. You can purchase additional annual leave.Experian is proud to be an Equal Opportunity and Affirmative Action employer. Innovation is an important part of Experians DNA and practices and our diverse workforce drives our success. Everyone can succeed at Experian and bring their whole self to work irrespective of their gender ethnicity religion colour sexuality physical ability or age. If you have a disability or special need that requires accommodation please let us know at the earliest opportunity.Experian Careers - Creating a better tomorrow togetherFind out what its like to work for Experian by clicking hereRemote Work : YesEmployment Type : Full-time Key Skills ArcGIS,Intelligence Community Experience,GIS,Python,Computer Networking,Data Collection,Intelligence Experience,R,Relational Databases,Analysis Skills,Data Management,Application Development Experience: years Vacancy: 1