
Date Added: Wed 05/03/2025

Cybersecurity Analyst: Detection And Response (12-Month Contract)

Cape Town, South Africa

Job Type: Contract

Salary: 1,000,000 - 2,000,000 / annually

ENVIRONMENT:

A dynamic Energy Specialist seeks a highly skilled Cybersecurity Analyst to serve as the primary escalation point for critical alerts and incidents passed on by First Responders, with a particular focus on high-severity Managed Detection and Response (MDR) alerts. The role involves leading deeper investigations, improving detection capabilities, and driving the continuous improvement of the organization's incident response processes. The Senior Analyst is also responsible for identifying gaps in the detection environment and implementing measures to mature and enhance the overall detection and response strategy. You should preferably hold GCIA and CEH certifications and have 7+ years' work experience in a similar role, including strong experience with security monitoring tools (EDR and MDR) and the ability to lead complex investigations and provide detailed analysis and reporting on security incidents. Please note this is a 12-Month Contract.

DUTIES:

MDR Alert Escalation and Advanced Threat Investigation -

  • Act as the escalation point for critical MDR alerts and incidents that require in-depth analysis beyond the scope of First Responders.
  • Conduct thorough investigations of escalated security incidents, including reviewing logs, analysing network traffic, and correlating data from various security tools (e.g., SIEM, EDR, firewalls).
  • Lead threat hunting activities to identify potential indicators of compromise (IOCs) or undetected threats within the environment.
  • Develop detailed reports on incidents, including root cause analysis, incident impact, and remediation recommendations.

Incident Response Leadership -

  • Lead incident response efforts for high-severity incidents, coordinating containment, eradication, and recovery activities.
  • Collaborate with IT, Network, and Application teams to ensure timely and effective remediation of incidents.
  • Ensure proper documentation of incidents and lessons learned for continuous improvement of response processes.
  • Provide guidance and mentorship to First Responders and Junior Analysts during incident escalations.

Enhancing Detection Capabilities -

  • Review and assess current detection rules, alerts, and configurations within security tools (e.g., SIEM, MDR platforms) to improve their accuracy and effectiveness.
  • Identify gaps in detection coverage and implement new rules, use cases, or monitoring strategies to improve visibility across the organization's environment.
  • Collaborate with the Threat Intelligence team to integrate emerging threat information into detection capabilities.
  • Conduct regular assessments of security tools to ensure they are properly tuned for accurate threat detection with minimal false positives.

Continuous Improvement of Incident Response Processes -

  • Lead efforts to mature and enhance the organization's incident response procedures, ensuring they align with industry best practices and evolving threat landscapes.
  • Regularly review and update incident response playbooks to ensure they are comprehensive and actionable for different types of security incidents.
  • Automate repetitive tasks in the incident response process to improve efficiency and reduce response times.
  • Provide input on new technologies, processes, or tools that can further streamline and enhance the incident response lifecycle.

Collaboration with Security and IT Teams -

  • Collaborate with IT, network, and infrastructure teams to implement technical controls and improvements based on findings from security incidents and investigations.
  • Serve as a liaison between the