3rd Line Security Analyst
Job Description
Job Title: Level 3 Security Analyst, Incident Response & Vulnerability Management
Department: Service Delivery / Security
Reporting To: Security Lead / Service Delivery Manager. Operates under the direction of the Incident Manager during security incidents.
Location: UK (Hybrid). Office in Cardiff 1-2 days per week, regular client site travel.
Working Pattern: Monday to Friday with participation in the on-call Security and Major Incident rota as required.

Role Purpose
The Level 3 Security Analyst is responsible for the technical investigation, containment, remediation, and resolution of IT security incidents and vulnerabilities across a complex, multi-site customer estate supported by the MSP. The role acts as a senior technical authority for security incidents, working alongside Incident Management, Infrastructure, Network, and Application teams to ensure security issues are resolved end-to-end, correctly documented, and do not reoccur.

Key Accountabilities: Security Incident Investigation & Response
- Act as the technical lead for the investigation of security incidents across supported platforms.
- Investigate malware, ransomware, account compromise, unauthorised access, suspicious activity, and security misconfiguration.
- Perform detailed root cause analysis across endpoint, identity, network, and application layers.
- Advise the Incident Manager on incident scope, impact, containment, eradication strategy, and recovery validation.
- Drive incidents through to full technical resolution, not temporary mitigation.

Key Accountabilities: Vulnerability Management
- Investigate vulnerabilities identified via scanning platforms, endpoint and cloud tooling, supplier disclosures, and audit activity.
- Assess risk based on exploitability, exposure, and operational impact.
- Own remediation actions end-to-end, coordinating with Infrastructure, Network, and third-party suppliers.
- Validate remediation and ensure appropriate evidence is captured for assurance and audit.

Platforms & Technology Scope
- End-user devices including Windows, macOS, tablets, and peripherals.
- Microsoft 365 including Entra ID, Exchange, SharePoint, Defender, and endpoint protection.
- Identity and Access Management including privileged and service accounts.
- On-premises and cloud-hosted servers.
- Network infrastructure including firewalls, switches, wireless, and WAN connectivity.
- Cloud-hosted and supplier-managed applications.

Documentation, Audit & Continuous Improvement
- Produce clear, technically accurate documentation covering incidents, root cause analysis, and corrective actions.
- Support governance, customer assurance, and audit requirements.
- Contribute to post-incident reviews and lessons learned.
- Identify recurring issues and recommend long-term improvements.
- Ensure incidents and vulnerabilities are correctly logged and tracked within ITSM systems.

Collaboration & Escalation
- Work closely with Incident Managers, Security specialists, and Level 3 Infrastructure and Network teams.
- Act as a senior escalation point for Level 1 and Level 2 teams.
- Engage third-party suppliers to progress investigation and remediation.
- Participate in out-of-hours response as required.

Knowledge, Skills & Experience: Essential
- Proven experience in a Level 3 or Senior Security Analyst or Incident Response role.
- Hands-on experience investigating and resolving incidents across endpoints, identity platforms, networks, and cloud services.
- Strong understanding of malware and ransomware response, identity compromise, and vulnerability remediation.
- Experience working within formal Security Incident and Major Incident processes.
- Strong written documentation and stakeholder communication skills.

Knowledge, Skills & Experience: Desirable
- Experience supporting multi-site or operationally sensitive environments.
- Familiarity with Defender, SIEM, EDR, and vulnerability management tools.
- Understanding of regulated or PCI-adjacent environments.
- Relevant security certifications or equivalent experience.

Behavioural Competencies
- Takes ownership from detection through to resolution.
- Investigates thoroughly and challenges incomplete fixes.
- Calm, methodical, and decisive during live incidents.
- Understands operational and business impact.
- Professional and confident when engaging customers and suppliers.

Decision Making & Authority
- Makes technical decisions relating to investigation, containment, and remediation of security incidents.
- Escalates risk and decision points appropriately to Incident Management and Service Delivery leadership.

Key Interfaces
- Incident Management
- Security Operations
- Infrastructure and Network Services
- Third-party suppliers
- Customer stakeholders via structured incident communications