Job Description - Senior Cyber Security Operations Analyst – Threat Hunting (047417)
Organisation: Customers, Communication and Technology
Job: CSIRT
Position Type: Full Time
Location: North Greenwich, London - remote working - 50% office attendance model
Salary range: £55,000 - £60,000 plus fantastic company benefits like final salary pension scheme, and free tube and bus travel.
UK Sponsorship Available: Candidates are responsible for their own application fees.
About us:
As cyber threats continue to diversify and grow, so too does TfL's need to develop our cyber security culture and capabilities to ensure we continue to protect the services and systems which keep London moving. TfL's cyber security professionals play a critical and ever-increasing role in protecting these services and systems, safeguarding our customers as they travel across London's transport network.
About the role:
You will support the threat hunting function within the TfL Security Operations Centre (SOC), providing the skills needed to develop a world-class hunting capability across the organization. You will be responsible for coordinating hunting activities across teams and with key stakeholders to identify and remediate potential threats. You will be responsible and accountable for defined aspects of the implementation and improvement of TfL's cyber security posture. This includes the identification and capture of requirements, engagement with stakeholders, the selection and delivery of solutions, and ensuring that solutions maintain their effectiveness in an ever-changing threat environment.
Key accountabilities:
• Provide leadership across the SOC, supporting Senior and Junior Analysts to prioritize and direct activities, driving behaviours and ensuring effective incident handling.
• Enhance TfL's operational capabilities within the team; work closely with the SOC Manager ensuring capabilities across all Security Service lines and driving continual improvement.
• Proactively monitor TfL systems for malicious activity and intrusions using real-time data and alerting from various data sources measured against agreed SLAs.
• Ensure processes and operational documentation are maintained, fit for purpose and updated regularly to reflect changing business needs.
• Implement the TfL hunting process for security activities, in collaboration with key stakeholders across the organisation.
• Support the tuning of detection content and monitoring tooling to provide high-fidelity alerting worthy of further investigation and to mitigate false positives.
• Keep up to date with current cyber developments and trends, and maintain your skills through continuous personal development and collaboration with colleagues, both internal and external to the team.
Skills:
• Security Fundamentals training/certifications
• Incident Response training/certifications
• Hunting experience in previous roles
• Conversant with technologies supported by the SOC, including experience with 4 or more of the following (essential): IR, VM, TI, Phishing, SIEM, BA, EDR, MDR.
• Demonstrable skills in using security tooling to provide contextual data for thorough assessment of events.
• Ability to communicate effectively, both written and verbally, and influence others to minimize TfL's Cyber Risk through effective monitoring, detection, and mitigation.
• Ability to effectively use a SIEM solution to identify events that warrant further investigation.
• Ability to use Threat Intelligence to aid the detection of potential cyber security events and incidents.
Knowledge:
• Educated to Degree level or equivalent - industry recognised qualifications such as CEH, GCIH, GPEN, GDAT, CISSP.
• Knowledge of cyber security and information security controls best practices with supporting qualifications where possible - such as Security+, Certified Ethical Hacker (CEH), Certified Information Systems Security Professional (CISSP), CPNI 10 and SANS 20.
• Knowledge of relevant legislation and government standards - including Security Policy Framework, Information Assurance Maturity Model, Security Essentials, Data Protection Act, Freedom of Information Act, EU Procurement Directives.
• A broad understanding of network and computer system architecture, operations, and protocols.
• Understanding of information security management concepts to support solutions and processes.
Experience:
• Experience of implementing and managing security monitoring and response in a complex organisation.
• Experience of working in an operational environment such as a SOC, CSIRT, or CERT function.
• Experience in leading the response to a Cyber Security incident or event.
• Experience of mentoring junior analysts.
• Knowledge of the Mitre ATT&CK and NIST frameworks and how these can be used to improve security monitoring and detection.
• Knowledge of the Cyber Kill Chain.
• Technical knowledge of computer networks and systems and the necessary controls to prevent unauthorized access.
Closing date: 22nd of December 2024 at 23:59
Excellent Benefits include:
• Final salary pension scheme
• Free travel on the TfL network
• Reimbursement of 75% of the cost of a standard class Ticket for National Rail travel from home or 75% reimbursement on a 28-day flexi ticket
• 30 days annual leave plus public and bank holidays
• TfL is committed to work-life balance, operating a hybrid working approach where business and role requirements allow
• Private healthcare discounted scheme (optional)
• Tax-efficient cycle-to-work programme
• Retail, health, leisure, and travel offers
• Discounted Eurostar travel
Additional Information:
Please apply supplying your CV preferably in ".docx" format. This document should be A4, in Arial 12 font, and a maximum of 2 pages per document.
If you are shortlisted, you may be invited to take part in a Video interview. We endeavour to give candidates as much notice as possible; however, some interviews/assessments will be organised at short notice and will require a degree of flexibility. We reserve the right to close the application window early if we receive a high volume of suitable applications.
We are committed to equality, diversity, and inclusion. We want to represent the city we serve, which will help us become a more innovative and efficient organisation. Our goal is to make our recruitment as inclusive as possible. We are a disability confident employer who guarantees an interview to any disabled candidate who meets all of the essential criteria. We also use anonymising software that removes identifying information from CVs and cover letters to make the process fair.
Many of our staff work flexibly in many different ways. Please talk to us at interview about the flexibility you need. We'll see what we can do.
We understand a confidence gap can get in the way of meeting spectacular candidates. So please don't hesitate to apply if you think you have what it takes even if you feel you don't meet all the criteria. We'd love to hear from you.