Tech Stack
Azure, Cyber Security, Splunk
About the role
- Maintain and update alerts/rules within Insight Investment’s monitoring solution and SIEM.
- Investigate, record and respond to SIEM alerts, determine scope and severity of incidents, and coordinate containment and remediation efforts.
- Define, implement and continuously improve operational security processes and runbooks to align with compliance standards and evolving threats.
- Assist with integrating and configuring security tooling, ensuring effective data ingestion, enrichment and alerting across the environment.
- Participate in threat hunting activities to proactively identify suspicious behaviour and improve detection coverage.
- Deliver vulnerability management: analyse scanning outputs, coordinate with technology teams and ensure timely notification and remediation tracking.
- Generate new security controls as required and enforce security processes and requirements across the business.
- Participate in the out-of-hours, on-call rotation, supporting incident response efforts during non-core hours.
Requirements
- Knowledge of SIEM tooling, including designing and implementing detection use cases and documenting knowledge base articles (KBAs).
- Strong knowledge of KQL (Kusto Query Language).
- Proven experience in incident response and handling.
- Experience automating alert triage and response with SOAR playbooks integrated with the SIEM.
- Experience detecting anomalous user behaviour by correlating identity and activity data in the SIEM.
- Experience contributing to cybersecurity operations in a professional or structured environment.
- Demonstrated commitment to continuous self-study.
- Experience working with an MSSP.
- Technical knowledge of access management and security controls.
- Strong collaboration skills with the ability to work across teams and stakeholders.
- A strong desire to drive security innovation across the firm.
- Relevant technical cyber security certifications are desirable.
- Knowledge of task automation/scripting would be hugely beneficial.
- Experience with the Microsoft security suite (Defender/Azure), a query-based SIEM (e.g. Splunk) and orchestration platforms.
- Experience in financial services or other highly regulated environments.
- Prior involvement in threat hunting activities.