Cyber Security Incident Response & Threat Intelligence Analyst

Cyber Security Incident Response & Threat Intelligence Analyst


Team Overvie

wThe Cyber Security Operations Team is responsible for monitoring, detecting, and responding to cyber threats across Thomas Millers estate. We ensure the protection of digital assets and safeguard confidentiality, integrity and availability of systems. Working in a fast-paced environment, the SOC provides 24/7 vigilance, rapid incident response, vulnerability oversight and actionable threat intelligence to reduce cyber risk


Who Are We Looking Fo

r?We are seeking a Cyber Security Incident Response & Threat Intelligence Analyst to strengthen our SOC capability. The successful candidate will focus primarily on incident response while also supporting threat intelligence analysis. This hybrid role ensures we can both react quickly to active threats and proactively reduce risk exposure through continuous threat monitoring and remediation efforts. The ideal candidate will have an in-depth understanding of the overall security landscape, be experienced in cyber security incident response, with a keen ability to detect and respond to complex security incidents, tuning detection systems to spot attacker Tactics, Techniques, and Procedures (TTPs

).
They will lead responses to active incidents, collaborating with IT, security, and business stakeholders to mitigate threat actors from our systems as quickly as possib

le.They should have a deep understanding of threat detection techniques, advanced persistent threats (APT), and incident handling procedures. They will provide technical mentorship to junior members of the team, and act as an escalation tier for complex analysis. We are looking for an individual who can balance technical risks against business risks and consistently drive for the right resul

ts.
The successful candidate will have a good mix of deep technical knowledge, a demonstrated background in information security, and an analytical mindset that is driven by curios

ity.
We value broad and deep technical knowledge, specifically in the fields of operating system security, network security, software security, malware analysis, forensics, security operations, incident response, and emergent security intellig

ence.
Responsibi

  • litiesRespond to and investigate cyber security incidents, including malware outbreaks, phishing attempts, insider threats and handle digital fore
  • nsics.Continuously improve our monitoring systems' detection and response capabilities as well as processes, procedures, and pla
  • ybooksLead Incident Response efforts when dealing with confirmed security inc
  • identsAutomate analysis and response steps to reduce manua
  • l toilHelp prioritise the creation of new SOC use cases to ensure optimum ROl for engineering
  • effortMonitor security alerts and suspicious activities from a variety of SOC
  • tools.Utilise Microsoft security tools such as Microsoft Defender for Endpoint, Microsoft 365 Defender, and Azure Security Centre to detect, respond to, and mitigate security inci
  • dents.Perform root cause analysis to determine how breaches or incidents occurred and implement long term prevention strat
  • egies.Collaborate with other IT and security teams to address vulnerabilities and strengthen security po
  • sture.Conduct post-incident analysis to identify areas for improvement and lessons le
  • arned.Maintain detailed records of security incidents, including incident timelines, analysis, and resolu
  • tions.Plan and execute monitoring system architectural c
  • hangesCommunicate effectively at multiple levels of sensitivity, and multiple aud
  • iencesRecognise, adopt and install the best practices in security engineering fields throughout the organisation: development, cryptography, network security, security operations, incident response, security intelli
  • gence.Gather, analyse and disseminate threat intelligence from internal and external so
  • urces.Provide intelligence driven recommendations for improved SOC detection and con

trols.
Technical

  • SkillsHands-on experience with vulnerability management tools (e.g., Nessus, Qualys, R
  • apid7).Familiarity with threat intelligence platforms (e.g., Recorded Future, ThreatConnect, Man
  • diant).Experience with SOC tools s
  • uch as:SIEM (e.g., Splunk, IBM QRadar, ArcSight,
  • Rapid7)Endpoint Detection and Response (EDR) (e.g., CrowdStrike, Carbon Black, SentinelOne,
  • Rapid7)Intrusion Detection/Prevention Systems (IDS/IPS) (e.g., Snort, Suricata, Cis
  • co IDS)Vulnerability Management tools (e.g., Nessus, Qualys,
  • Rapid7)Threat Intelligence Platforms (e.g., Recorded Future, ThreatC
  • onnect)Firewalls and Network Monitoring tools (e.g., Palo Alto, Cisco ASA, Chec
  • kpoint)Security Orchestration Automation and Response (SOAR) platforms (e.g., Demisto, P
  • hantom)Experience with Web Gateway and Web Proxy tools (e.g., Blue Coat, Zscaler, Forcepoint, Pal
  • o Alto)Strong knowledge of operating systems (Windows, Linux) and network pro
  • tocols.Proficiency in analysing packet captures (Wireshark, TC
  • PDump).Familiarity with scripting languages such as Python, Bash, or Powe
  • rShell.Experience with cloud security monitoring (AWS, Azure
  • , GCP).Knowledge of incident management frameworks like NIST, MITRE ATT&

amp;CK.
Minimum Qualif

  • icationsBachelor's Degree in Cyber Security, Information Technology, or a relate
  • d field.3-5 years of experience in SOC Operations, incident response, threat intelligence, or similar roles within a SOC envi
  • ronment.Hands-on experience responding to security incidents using SIEM and ED
  • R tools.In depth knowledge of networking, security principles, and threat detection method
  • ologies.Demonstrated ability to handle complex incident investigations and document findings effe
  • ctively.Practical experience in network- and host-based digital forensics across multiple operating
  • systemsIn-depth experience working with a variety of monitoring tools, including SIEM, endpoint security, intrusion detection/prevention, packet a
  • nalysis,CASB,
  • and SOARKnowledge of open security testing standards and projects, including OWASP and the MITRE ATT&C
  • K MatrixStrong organizational skills and attention to
  • detail.Excellent written communication skills, with a focus on translating technically complex issues into simple, easy-to-understand concepts in

English.
Preferred Quali

  • ficationsIndustry certifications such as CISSP, GIAC (GCIH, GCI
  • A, GCTI).Experience with forensic investigations, malware analysis and reverse eng
  • ineering.Familiarity with regulatory frameworks (e.g., GDPR, PCI DSS) and their impact on incident response pr
  • ocedures.Experience with advanced persistent threat (APT) detection and mi
  • tigation.Ability to work in a 24/7 on-call incident response env
  • ironment.Excellent communication skills, with the ability to clearly document incidents and provide post-incident reports to non-technical stak
  • eholders.Experience leading the deployment of a major SIEM platform (Splunk, QRadar, Sentinel, ArcSight, etc) and/or EDR platform (Crowdstrike, Defender for Endpoint, Cyla
  • nce, etc)5+ years of experience in cyber security and adjacent fields such as systems engineering, network management, cloud security, and/or application
  • security2+ years in a security engineering
  • position2+ years of scripting/coding experience with one or more
  • languagesRelevant industry certifications, a degree in cyber security or adjacent fields, or cyber security b
  • oot campsExperience in python, powersh
  • ell, bashExperience with an Infrastructure as Code tool like
  • terraformFamiliarity with cloud platforms like AWS, Azu
re or GCP
Apply Now
Apply Now

Job Details

Company
Thomas Miller
Location
Oxford, Oxfordshire, UK
Employment Type
Full-time
Posted