UK CTAC Analyst Tier 2

Job Description:

Security Clearance Requirement:Candidates must besole UK nationals (British citizens only)and haveresided continuously in the UK for the past 10 yearsto meet current security clearance requirements.

Location & Schedule:This role is onsite in Erskine(Scotland) and requires coverage of 12 hour rotational shiftson a 4 on/4 off pattern.

Role Overview

The Tier 2 Cyber Security Analystis a mid level position within the Cyber Threat Analysis Centre (CTAC). You'll advance initial work from Tier 1 Analysts and provide deeper analysis of potential threats. This role is critical for escalated investigation, triage, and incident response while supporting Tier 1 development and training.

You'll work closely with senior and junior analysts to ensure seamless SOC operations, bridging foundational and advanced threat detection and response functions.

Key Responsibilities

Incident Analysis & Response:

• Conduct escalated triage and analysis on security events from Tier 1, determining threat severity and advising on initial response actions
• Investigate potential security incidents through deeper analysis of correlated events, identifying patterns or anomalies indicating suspicious or malicious activity
• Escalate critical threats to Tier 3 Analysts with detailed analysis for rapid response and adherence to SLOs

Technical Operations:

• Apply expertise in SIEM solutions using Kusto Query Language (KQL)for log analysis, event correlation, and thorough incident documentation
• Use OSINT (Open Source Intelligence) to enrich contextual data and enhance detection capabilities
• Monitor the threat landscape and document findings on evolving threat vectors, sharing insights with CTAC teams

Process Improvement:

• Follow established incident response playbooks, providing feedback for enhancements and suggesting updates to streamline CTAC processes
• Coordinate with Tier 3 Analysts and management to refine detection and response workflows, contributing to continuous SOC maturity
• Collaborate on tuning SIEM and detection tools to reduce false positives and improve alert fidelity

Detection Development:

• Identify gaps in current detection content and work with Senior Analysts to develop and validate new detection rules and use cases
• Submit tuning requests and test configurations when necessary

Mentorship & Training:

• Act as a mentor to Tier 1 Analysts, offering guidance on triage and analysis techniques
• Facilitate on the job training to elevate technical skills and operational efficiency
• Assist in training sessions and knowledge sharing activities, providing feedback on areas for growth

Required Knowledge & Skills

Technical Expertise:

• Advanced networking concepts (IP addressing, protocols, traffic flow)
• Advanced knowledge of Windows and Linux operating environments (commands, file systems, user authentication)
• Competence in SIEM solutions (e.g., ArcSight, Azure Sentinel) for monitoring and log analysis
• Proficient in Kusto Query Language (KQL) for searching and filtering logs
• Familiarity with OSINT techniques for threat identification
• Exposure to XDR platforms

Communication & Collaboration:

• Clear, efficient communication with team members and stakeholders
• Ability to explain technical issues to non technical individuals
• Create concise, structured reports outlining investigation findings

Professional Attributes:

• Effective workload management to ensure timely task completion
• Collaborative approach, accepting guidance and learning from experienced analysts
• Initiative in learning new technologies and techniques
• Efficient performance under high pressure situations

Education & Professional Experience

Desirable:

• IT certifications: CISSP, CompTIA CySA+, GCIA, GCIH
• CASP or ITIL certifications
• Experience in a SOC or SOC equivalent environment

Other Requirements

• Willingness to undertake high level clearance with multiple agencies
• Full UK Driving Licence