IR35
Inside
Rate
£650 day rate to contractor
Location
Corsham
Duration
March 2028
Deadline for submission
11/06/2026
Job Reference
1525
Join a high-impact defence programme supporting secure and advanced communications across critical MOD environments. This is an opportunity for an experienced Cyber Security Operations Senior Analyst to contribute to the NSoIT(D) programme, helping deliver secure information services.
You will provide cyber security operations support within a highly secure delivery environment, working as part of a QinetiQ-led team under the NSoIT Framework. The role supports key engineering delivery commitments and includes support for Live Ops, regular reporting, issue and risk management, and knowledge transfer activity.
· Provide cyber security operations support across defined work packages.
· Support Live Ops activity as part of ongoing service delivery.
· Maintain regular communication and reporting with programme and project teams.
· Identify and flag risks, issues and delivery concerns in a timely manner.
· Contribute to end-of-assignment knowledge transfer activities.
· Strong experience in cyber security operations within secure or defence-related environments.
· Ability to work effectively within structured project or programme delivery frameworks.
· Confidence producing regular updates, monthly activity reporting, and clear risk or issue escalation.
· A collaborative approach and the ability to operate successfully in a high-assurance, on-site environment.
DV clearance is required.
You will need strong cyber security operations experience, confidence in secure/defence environments, and the ability to work in a structured delivery setting, with experience in the implementation, maintenance and configuration of a variety of SIEM and SOAR platforms, including: Trend, Tripwire, Tanium, Clearswift, Elastic, SolarWinds.
The ability to correlate data from multiple data sources to create a more accurate picture of cyberthreats and vulnerabilities, managing and engineering dashboards.
The ideal candidate will have knowledge and experience with the Windows and Linux operating systems, and the ability to reverse engineer malware and then create IoCs and rules for the SIEM.
Understanding of log collection and aggregation techniques, Elasticsearch, Logstash, Kibana (ELK), syslog-NG, Windows Event Forwarding etc.
A strong background in analysis of attacker Tactics, Techniques and Procedures (TTPs) and Indicators of Compromise (IoCs).
Understanding of intrusion detection systems, web application firewalls, and IP reputation systems.
Technical understanding of current cybersecurity threats and trends.
CompTIA A+.
CompTIA Security+.
CompTIA CySA+.
CompTIA PenTest+.
MCSE.
SANS 504 - Incident Handling.
SANS 511 (Continuous Monitoring).
Candidates must be DV cleared UK nationals.
Please note: We cannot accept any applications from candidates currently working on the Aurora framework unless the contract is due to finish within the next month.
Please note: For security reasons this role is open to sole UK nationals only. A ‘sole UK national’ refers to an individual who holds citizenship solely in the UK, without dual citizenship or nationality from another country. We do not offer visa sponsorship.