
Senior Security Analyst

South Elmsall, Pontefract, UK
SOC Analyst, SOC Manager, Security Analyst
Actively hiring

NEXT Ltd

hackajob is partnering with NEXT Ltd to fill this position. Create a profile to be automatically considered for this role—and others that match your experience.

 

Working as part of the Security Incident Response Team, the Senior Security Analyst will be responsible for responding to and investigating events generated by our security controls. You will be responsible for identifying areas for improvement in our processes, whether through automation or process changes. You will ensure that Security Incidents are promptly identified, contained and eradicated, working closely with IT, our security partners and the wider business to do so.

You will monitor our SIEM and SOAR alongside other security controls to identify potential threats, and then use all of the controls and resources at your disposal to determine what steps need to be taken to contain and eradicate confirmed threats. Where necessary, you will ensure that any forensic evidence is correctly captured and stored in case it is required for future reference. Following an incident, you will work with the other teams involved to identify opportunities to improve our controls and processes, making recommendations for addressing any lessons learned and implementing them where appropriate. You will act as an escalation point for members of the team on higher-severity and higher-complexity incidents.

The role involves participating in a shift and call-out rota to help ensure our environment is monitored and supported on a 24x7 basis.

Key Responsibilities

  • Continuously monitor Next’s technical security controls in order to promptly identify and investigate potential threats.
  • Respond to Security Incidents ensuring prompt containment and recovery.
  • Carry out forensic investigations following security incidents.
  • Ensure all investigations and incidents are accurately logged and managed in our ITSM tool.
  • Participate in lessons learned meetings and make recommendations for improvements to controls or processes ensuring these are implemented where agreed.
  • Liaise with other IT Teams, business areas and 3rd Parties to aid in incident investigations and response.
  • Ensure continuous awareness of new and emerging threats and understand the TTPs and their relevance to the Next environment.
  • Identify false positives and tuning requirements for security controls and work with the Security Engineering team to implement improvements.
  • Work with our Security Engineering and Vulnerability & Threat Management Team to test our controls and processes in order to proactively identify opportunities for improvement.
  • Create and maintain operational procedures and technical documentation.
  • Manage and maintain metrics and reporting to ensure the security threats and trends impacting our business are understood.
     

About you

Essential

  • Proven Information Security experience with a good understanding of analyst investigations.
  • Strong analytical and troubleshooting skills within Windows and Linux environments.
  • Understanding of Information Security including malware, emerging threats, attacks, and vulnerability management.
  • A team player who is hardworking and self-motivated.
  • Excellent attention to detail.
  • Ability to remain calm under pressure and clearly communicate to all levels of management.
  • Understand and operate change management processes.
  • Experience using, configuring and maintaining common security tools such as EDR, IDS/IPS, SIEM and SOAR.
  • Experience working in a Security Operations Centre.

Desirable

  • Relevant industry-recognised security qualification (e.g. SANS 503, CySA+, Security+).
  • Experience with security or compliance standards such as PCI-DSS or ISO27001.
  • Understanding and experience of working for a Retail company.
  • Experience with regex and scripting.
  • Experience working in an Infrastructure or Network Operations Centre.
  • Experience conducting Digital Forensics investigations.
