3rd Line Security Analyst

Job Title
Level 3 Security Analyst (Incident Response & Vulnerability Management)
Department
Service Delivery / Security
Reporting To
Security Lead / Service Delivery Manager. Operates under the direction of the Incident Manager during security incidents.
Location
UK (Hybrid). Office in Cardiff 1-2 days per week, with regular client site travel.


Working Pattern
Monday to Friday, with participation in the on-call Security and Major Incident rota as required.

Role Purpose

The Level 3 Security Analyst is responsible for the technical investigation, containment, remediation, and resolution of IT security incidents and vulnerabilities across a complex, multi-site customer estate supported by the MSP.

The role acts as a senior technical authority for security incidents, working alongside Incident Management, Infrastructure, Network, and Application teams to ensure security issues are resolved end-to-end, correctly documented, and do not recur.

Key Accountabilities: Security Incident Investigation & Response

Act as the technical lead for the investigation of security incidents across supported platforms.

Investigate malware, ransomware, account compromise, unauthorised access, suspicious activity, and security misconfiguration.

Perform detailed root cause analysis across endpoint, identity, network, and application layers.

Advise the Incident Manager on incident scope, impact, containment, eradication strategy, and recovery validation.

Drive incidents through to full technical resolution, not temporary mitigation.

Key Accountabilities: Vulnerability Management

Investigate vulnerabilities identified via scanning platforms, endpoint and cloud tooling, supplier disclosures, and audit activity.

Assess risk based on exploitability, exposure, and operational impact.

Own remediation actions end-to-end, coordinating with Infrastructure, Network, and third-party suppliers.

Validate remediation and ensure appropriate evidence is captured for assurance and audit.

Platforms & Technology Scope

End-user devices including Windows, macOS, tablets, and peripherals.

Microsoft 365 including Entra ID, Exchange, SharePoint, Defender, and endpoint protection.

Identity and Access Management including privileged and service accounts.

On-premises and cloud-hosted servers.

Network infrastructure including firewalls, switches, wireless, and WAN connectivity.

Cloud-hosted and supplier-managed applications.

Documentation, Audit & Continuous Improvement

Produce clear, technically accurate documentation covering incidents, root cause analysis, and corrective actions.

Support governance, customer assurance, and audit requirements.

Contribute to post-incident reviews and lessons learned.

Identify recurring issues and recommend long-term improvements.

Ensure incidents and vulnerabilities are correctly logged and tracked within ITSM systems.

Collaboration & Escalation

Work closely with Incident Managers, Security specialists, and Level 3 Infrastructure and Network teams.

Act as a senior escalation point for Level 1 and Level 2 teams.

Engage third-party suppliers to progress investigation and remediation.

Participate in out-of-hours response as required.

Knowledge, Skills & Experience: Essential

Proven experience in a Level 3 or Senior Security Analyst or Incident Response role.

Hands-on experience investigating and resolving incidents across endpoints, identity platforms, networks, and cloud services.

Strong understanding of malware and ransomware response, identity compromise, and vulnerability remediation.

Experience working within formal Security Incident and Major Incident processes.

Strong written documentation and stakeholder communication skills.

Knowledge, Skills & Experience: Desirable

Experience supporting multi-site or operationally sensitive environments.

Familiarity with Defender, SIEM, EDR, and vulnerability management tools.

Understanding of regulated or PCI-adjacent environments.

Relevant security certifications or equivalent experience.

Behavioural Competencies

Takes ownership from detection through to resolution.

Investigates thoroughly and challenges incomplete fixes.

Calm, methodical, and decisive during live incidents.

Understands operational and business impact.

Professional and confident when engaging customers and suppliers.

Decision Making & Authority

Makes technical decisions relating to investigation, containment, and remediation of security incidents.

Escalates risk and decision points appropriately to Incident Management and Service Delivery leadership.

Key Interfaces

Incident Management
Security Operations
Infrastructure and Network Services
Third-party suppliers
Customer stakeholders via structured incident communications

Job Details

Company
Operations Resources Limited
Location
Cardiff, UK
Hybrid / Remote Options
Employment Type
Full-time
Posted