Allen Overy Shearman
Who we are
A&O Shearman was formed in 2024 via the merger of two historic firms, Allen & Overy and Shearman & Sterling.
We have an exciting opportunity for Cyber Defence Analysts to join our growing Information Security team, based in A&O Shearman’s Belfast office.
The in-house Information Security team is a core part of our technology services structure with mature or evolving capability across all areas of digital security and cyber defence. This Cyber Defence Analyst will perform a critical role in solidifying the firm’s security posture to ensure the confidentiality, integrity, and availability of the firm’s systems and data. They play a key role in investigating any security-related alerts and escalations from Level 1 monitoring carried out by the Managed Security Service Provider (MSSP).
Please note that weekend working is a requirement for this role, with exact shift patterns to be discussed at interview. All weekend hours are eligible for a premium payment, in addition to your base salary.
What you will do
Investigate escalations:
Investigate and prioritise Level 2 escalated events and alerts which have been detected through Level 1 monitoring activities by the firm’s MSSP to identify potential incidents. Escalate these events further to senior colleagues and appropriate stakeholders when necessary.
Investigate potential cyber security and data loss incidents raised by firm employees and third parties, following the defined playbooks for the Cyber Defence team.
Respond to inbound queries to the information security mailbox, consulting with more senior colleagues for advice where required.
Incident Response:
Participate in incident response activities, including CSIRT activities, for confirmed incidents in the local time-zone:
Conduct initial triage and investigation.
Assist with containment, mitigation, and remediation efforts, ensuring any forensic evidence is gathered and documented appropriately.
Participate in security incident response exercises and contribute to post-exercise reviews.
Be part of the Cyber Defence on-call rota, which may require out-of-hours work.
Pick up and hand off incident response activities between the Belfast Cyber Defence team and other teams in different time-zones across the globe, as per our 24-7 follow-the-sun global model.
Maintain awareness of current and emerging cyber threats, techniques, and procedures (TTPs) using threat intelligence insights from the Threat and Vulnerability Management team, applying this knowledge in daily operations.
Tooling and Process Improvement:
Assist with the implementation and enhancement of new and existing cyber defence tools and processes to maximise the effectiveness of the Cyber Defence function.
Contribute to the maintenance and improvement of playbook and process documentation for Cyber Defence.
Collaboration and Advisory:
Collaborate with other areas of the firm (e.g. wider information security and IT teams) to improve the firm’s security posture by implementing controls and fostering awareness.
Advise business stakeholders on Cyber Defence, translating complex technical concepts into business-friendly language.
What you will have
At least 1 year’s experience in a security operations or similar technical security role.
Operational-level experience in at least two of the following domains: Security engineering, Alert triaging, Rule writing, Incident response, Digital Forensics and Incident Response (DFIR), Threat intelligence and management, Vulnerability management, or Security control testing.
In-depth understanding of networking and routing protocols (e.g. TCP/IP) and services (e.g. DNS, SMTP).
Cyber defence technologies and tooling, including:
SIEM solutions
Intrusion Detection/Prevention Systems (ID/PS)
Threat and vulnerability management platforms
Endpoint protection
Firewalls
Highly analytical mindset with strong problem-solving skills.
Ability to interpret data flows, assess security events, and draw logical conclusions.
Excellent written and verbal communication skills.
Ability to collaborate effectively across technical and non-technical teams.
High level of personal integrity and ethics, demonstrating an appropriate level of judgement.
A genuine passion for continuous learning and development in cybersecurity, staying up-to-date with the latest developments, trends, and technologies in the field.
You will stand out if you have
Bachelor’s degree in Information Security, Computer Science, Engineering, Technology, or a related field.
Industry-recognised certifications such as:
CISSP (Certified Information Systems Security Professional)
CEH (Certified Ethical Hacker)
CISM (Certified Information Security Manager)
CompTIA Security+
Practical programming or scripting experience, particularly with:
Python
PowerShell