Senior CIRT Analyst

S&P Global

full-time

Origin: 🇬🇧 United Kingdom

Job Level

Senior

Tech Stack

AWS, Azure, Cloud, Cyber Security, Flash, Google Cloud Platform, Linux, Splunk, TCP/IP

About the role

  • Coordinate and triage response to cybersecurity events and conduct forensic analysis across endpoints, networks, cloud, and SaaS.
  • Integrate threat intelligence into investigations (e.g., enrich IOCs, map activity to MITRE ATT&CK, identify likely threat actors/TTPs, and assess potential impact).
  • Understand the threat landscape through collaboration with industry peers, FS-ISAC, trust groups, and commercial/open-source intelligence, translating insights into actionable recommendations.
  • Develop, maintain, and operationalize Incident Response playbooks and SOPs; include PIRs (Priority Intelligence Requirements), collection plans, and feedback loops to refine detections.
  • Work closely with the SOC to investigate incidents and deliver containment, remediation, and root cause analysis; produce high-quality intel-informed incident reports.
  • Create and tune detections (e.g., SIEM/SOAR, EDR) using intelligence signals (TTPs, behaviors, YARA/Sigma where applicable).
  • Produce and present consumable intelligence outputs (e.g., flash alerts, threat overviews, executive briefs) tailored to technical and non-technical stakeholders.
  • Contribute to vulnerability/threat surfacing (e.g., emerging CVEs, exploit trends) and advise on risk-based prioritization.
  • Deliver actionable incident and hunting metrics to management; assess detection coverage and recommend improvements.
  • Follow the end-to-end incident response lifecycle and support post-incident lessons learned with intelligence-driven enhancements.
  • Build an understanding of key S&P technology, systems, and business practices to contextualize threats and drive pragmatic defenses.
  • Participate in information-sharing activities (e.g., FS-ISAC submissions) in line with TLP and legal/compliance requirements.

Requirements

  • Working knowledge of common cyber attacks, tools, and attacker tradecraft; ability to map activity to MITRE ATT&CK and articulate likely TTPs.
  • Demonstrated experience handling security events in critical environments and applying intelligence to accelerate triage and response.
  • Experience analyzing system, application, and cloud/SaaS logs to investigate security and operational issues; comfort enriching with IOCs and behaviours.
  • Hands-on experience with a SIEM (Splunk preferred) for investigations, alert creation, reporting, and threat hunting.
  • Ability to produce clear, actionable intel and incident reports, including executive-ready summaries and visuals.
  • Familiarity with threat intel workflows: collection planning, source evaluation, indicator lifecycle, PIRs, TLP, and feedback loops to detections.
  • Experience with one or more TIPs or intel data sources (e.g., MISP, OpenCTI, Recorded Future) and STIX/TAXII concepts.
  • 3+ years of information security experience with a focus on incident response, threat hunting, or threat intelligence.
  • Excellent communication skills for varied business and technical audiences; strong presentation skills.
  • Comfortable working in a fast-paced environment; passion for cyber security.
  • Advanced knowledge of network protocols (TCP/IP, HTTP) and operating systems.
  • Preferred: Experience in the financial services industry.
  • Preferred: Familiarity with threat hunting techniques (hypothesis-driven, ATT&CK-aligned, behavior-based).
  • Preferred: Windows and Linux administration tools and concepts.
  • Preferred: Understanding of threat actors and the cybercrime ecosystem, including initial access vectors, monetization paths, and supply-chain/SaaS attack patterns.
  • Preferred: Exposure to malware/TTP analysis at a functional level and creation of detections (e.g., Sigma/YARA).
  • Preferred: Experience producing finished intelligence products and briefing senior stakeholders.
  • Preferred: Relevant certifications (e.g., GCTI, GCFA/GCFR, GCIH, FOR578) or equivalent experience.
  • Preferred: Familiarity with information-sharing standards and practices (FS-ISAC, TLP) and legal/compliance considerations.
  • Preferred: Knowledge of cloud provider threat models and telemetry (AWS, Azure, GCP, M365/SaaS).
  • Preferred: Second language and/or geopolitical awareness for actor context.