Our client is one of the world's leading law firms, helping clients achieve their goals by combining the highest global standards with local expertise. The firm has unrivalled scale and depth of legal resources across the three key markets of the Americas, Asia and Europe and focuses on the core areas of commercial activity: capital markets; corporate and M&A; finance and banking; real estate; tax; pensions and employment; litigation and dispute resolution.
Alongside world-class legal careers, our client offers excellent opportunities in the support functions that underpin its business operations. By joining us in Business Services, you will help us to innovate in the way we deliver our services and enable us to run a successful multinational business that never stands still. Business Services are integral to the running of the firm and are critical to its success.
Our client is not alone in facing increasing cyber security threats and information risks. We are a small team that works closely with our colleagues in Information Security, other parts of IT and right across the firm globally.
The Cyber Security Analyst will have a solid IT background covering operating systems, IP networking, firewalls and boundary controls, and IDS/IPS, coupled with excellent troubleshooting skills. This role will suit a highly motivated individual with keen attention to detail, who can demonstrate an exceptional analytical skill set, knowledge of current and evolving cyber threats, and the ability to develop strategies for their detection and mitigation.
• Lead and supervise the Cyber Security team dedicated to monitoring for cyber security incidents, and report to the Head of Cyber Security.
• Take operational ownership of a 24/7/365 Managed Security Service ensuring tickets are closed based on defined SLAs.
• Create and respond to help desk tickets as part of the Cyber Security team.
• Maintain and test the Cyber Incident Response Plan and continuously improve processes and procedures.
• Maintain the relationship with the Managed Security Services Provider and lead weekly Rolling Action Items List meetings with the Cyber Security team.
• Mentor junior team members in all aspects of Cyber Security.
• Conduct research into cyber threats, campaigns, vulnerabilities, and technological advances in combating unauthorized access.
• Investigate alerts, anomalies, errors, intrusions, and malware for evidence of compromise.
• Perform incident analysis, determine root cause and proper mitigation of cyber security events.
• Engage with other teams to mitigate cyber security threats, improve processes, and improve security posture, analysing threat intelligence for relevancy, impact, and exposure.
• Participate in cyber security incident response scenarios by collecting, analysing, and preserving digital evidence; ensure that cyber security incidents are recorded and documented according to procedure.
• Support the Information Security team with client audits.
• Collaborate with other senior IT leads providing cyber security engineering and architecture support to existing and new services.
• Conduct network, endpoint, and log analysis (utilizing SIEM, IPS, firewall, proxy, AV, etc.) to determine the extent of a compromise, the attributes of any malware, and any data possibly exfiltrated.
• Interface with the firm's Vulnerability Management service and provide reports and metrics to IT Operations and Information Security.
• Ensure that all incidents, alerts and exceptions are responded to in accordance with established procedures.
• Research and incorporate relevant threat intelligence during the incident investigation and in written and verbal reports.
• Maintain current knowledge of tools and best-practices in advanced persistent threats; tools, techniques, and procedures of attackers; and forensics and incident response.
• Track cyber threat actors/campaigns based on technical analysis and open source intelligence.
• Provide support to vulnerability analysis, penetration testing and compliance monitoring activities.
• Manage external certificates.
• Produce metrics reports for Service Management and Incident Management.
Skills & Experience:
• Demonstrates a solid working knowledge and an understanding of cyber security procedures, threats, alerts, anomalies, potential intrusion tactics, with related work experience in an information security role with a cyber security focus.
• Demonstrated Cyber Incident Response/Forensics/Vulnerability analysis background
• Must be able to handle multiple deadlines, and to effectively perform during high pressure or stressful situations.
• Must possess excellent analytical, troubleshooting, and problem-solving skills.
• Desirable to have advanced knowledge and experience in the Incident Response Life Cycle (NIST 800-61 Rev 2)
• Should be able to perform research to solve problems in a creative and repeatable manner
• Proven capability to manage a team of Security Analysts with on-call rota.
• You will have knowledge of current and emerging advanced cyber threats, attack and evasion techniques, command and control infrastructures and insider threat behaviour.
• Excellent organization and time management skills.
• Proven capability and experience of investigating, managing and remediating cyber security incidents with an ability to make sound decisions and judgements.
• Ability to produce and present technical information to both technical and non-technical personnel.
• You will have extremely good organisational, communication, documentation and administration skills with a good eye for detail.
• You will understand typical malware functionality and capabilities.
• Experience producing security documentation and other technical analysis reports
• Ability to build capability in other analysts through on-the-job training and knowledge sharing.
• Skilled in cyber security procedures and incident response, and possesses an understanding of TCP/IP, common network protocols, and related security applications.
• Demonstrable experience in Intrusion Detection and analysis.
• Experience working in a team-oriented, collaborative environment.
The following elements are considered as essential knowledge and the candidate must be able to explain/demonstrate the configuration, management and maintenance of the following:
Technical experience includes:
• Windows Server (2003, 2008 and 2012)
• Linux (primarily Red Hat Enterprise Linux)
• UNIX (e.g. FreeBSD or Solaris based systems)
• Wireshark / tcpdump
• Snort / Suricata
• Identification of web attack vectors, e.g.:
• Use of scripting languages, e.g.:
Desirable certifications include:
• Certified Information Systems Security Professional (CISSP) – preferred but not essential
• GIAC Certified Intrusion Analyst (GCIA)
• GIAC Certified Incident Handler (GCIH)
• GIAC Certified Forensic Analyst (GCFA)
• Certified Ethical Hacker (CEH)
Enterprise Security product certifications in endpoint, firewall, IDS/IPS, SIEM an advantage.