R1 Cyber Security Analyst

R1 Cyber Security Analyst

UK (Manchester, London or Cheltenham)

Role Purpose

As an R1 Security Analyst, you will be the first line of defence in our Security Operations Centre, responsible for the initial triage of security alerts. Your primary role will be to monitor, analyse, and assess incoming alerts, identifying potential security incidents based on established criteria. You will escalate confirmed or suspicious threats to the R2 analysts, senior analysts, or the shift lead for further investigation and response. This role requires strong analytical skills, attention to detail, and the ability to follow escalation protocols to ensure swift and effective incident management. Ideal candidates will have a foundational understanding of cybersecurity principles, experience with SIEM tools, and a commitment to continuous learning in a fast-paced security environment.
 

Due to being the initial contact for the triaging of alerts your expertise will directly support the analytic development by suggesting customer tuning rules to ensure the efficient running of the SOC. This role requires strong analytical skills, technical proficiency, and a commitment to continuous learning in a dynamic security environment.

Summary

Threat Detection and Monitoring:

• Monitor the SOAR platform for SIEM Logs, IDS Logs and Managed Intelligence sources.
• Identify potential threats, vulnerabilities, and indicators of compromise.
• Initiate escalation procedures to counteract potential threats and vulnerabilities.
• Ability to analyze and interpret threat intelligence feeds and implement protective measures accordingly.

Incident Remediation and Documentation:

• Escalate to R2 analysts, Team Lead or senior analyst should further clarification or four eyes be required.
• Provide incident remediation and prevention recommendations to customers using established procedures and analyst experience.
• Document and adhere to security monitoring processes.
• Suggest process and procedure improvement based on working requirements to streamline processes.

Customer Service and Escalation:

• Exceed customer expectations by always delivering exceptional customer service.
• Be the initial point of contact for alerts triaged.
• Contribute to the creation and maintenance of security documentation, including incident response playbooks, standard operating procedures, and knowledge base articles.

Reporting and Continuous Improvement:

• Compile and review service-focused reports for effective communication.
• Contribute to the creation and maintenance of security documentation, including incident response playbooks, standard operating procedures, and knowledge base articles.
• Be susceptible to mentoring from senior analysts

Threat Analysis and Collaboration:

• Contribute practical insights to the analysis of common security incidents.
• Maintain working relationships with the Analytic Development and Security Engineering teams.
• Collaborate with shift partners to provide a high quality of service.

General Duties:

• Perform additional assigned duties as required.
• Flexibility to quickly learn and adapt to new security tools, technologies, and processes.
• Strong analytical and problem-solving skills.
• Good communication skills, both written and verbal.
• Ability to work collaboratively as part of a team.
• Keep up to date with latest emerging threats and APT groups.
• Ability to be mentored by senior analysts.

What we are looking for in you

Network, Cloud and OS Knowledge:

• Understanding of common network protocols and tools.
• Proficient knowledge of Windows, Linux & MacOS operating systems.
• Understanding of Content Delivery Networks
• Understanding of the CIA triad and how it interacts with security

Customer interaction:

• Experience with documenting both high level and technical customer facing information.
• Confidence providing critical/sensitive information accurately.
• Contacting key stakeholders during major incidents

Incident Analysis and Response:

• Awareness of the MITRE ATT&CK framework
• Pedigree in performing in-depth analysis of security alerts.
• Assess customer impact through investigation and work with senior analysts for resolution.
• Initiate escalation procedure for potential threats
• Ability to interpret threat priority against the cyber kill chain.
• Provide appropriate mitigation and remediation steps.

Desirable Requirements

Tooling

• Hands-on experience with Security Information and Event Management (SIEM) platforms (e.g., Splunk, Sentinel, Swimlane) and their use in aggregating and analyzing security event data.
• Knowledge of cloud products and log events such as Azure, Amazon Web Services, Google Cloud Platform. 
• Proficiency with network analysis tools (Wireshark) to perform PCAP analysis.

Desirable Certifications

• CompTIA Security+
• CompTIA Network +
• Security Blue Team Level One
• AWS Cloud Practitioner
• Azure Fundamentals
• MAD20 Att&ck Fundamentals

Ways of working

Focusing on Clients and Customers.  

Working as One NCC.

Always Learning.

Being Inclusive and Respectful. 

Delivering Brilliantly.  

Our company

At NCC Group, our mission is to create a more secure digital future. That mission underpins everything we do, from our work with our incredible clients to groundbreaking research shaping our industry. Our teams' partner with clients across a multitude of industries, delving into, securing new products, and emerging technologies, as well as solving complex security problems. As global leaders in cyber and escrow, NCC Group is a people-powered business seeking the next group of brilliant minds to join our ranks.   

Our colleagues are our greatest asset, and NCC Group is committed to providing an inclusive and supportive work environment that fosters creativity, collaboration, authenticity, and accountability. We want colleagues to put down roots at NCC Group, and we offer a comprehensive benefits package, as well as opportunities for learning and development and career growth. We believe our people are at their brilliant best when they feel bolstered in all aspects of their well-being, and we offer wellness programs and flexible working arrangements to provide that vital support. 

Come join us?

What do we offer in return?

We have a high-performance culture which is balanced evenly with world-class well-being initiatives and benefits:

⏰Flexible working

💸 Financial & Investment

Pension

Life Assurance

Share Save Scheme

Maternity & Paternity leave

🙋🏾Community & Volunteering Programmes

⚡ Green Car Scheme

🚴 Cycle Scheme

🧑🏻‍🤝‍🧑🏻 Employee Referral Program

🧘🏻 Lifestyle & Wellness

🎓 Learning & Development

👨🏿‍🦽 Diversity & Inclusion

So, what’s next?

If this sounds like the right opportunity for you, then we would love to hear from you! Click on apply to this job to send us your CV and cover letter and the relevant member of our global talent team will be in touch with you. Alternatively send your details to global.ta@nccgroup.com .

About your application

We review every application received and will get in touch if your skills and experience match what we’re looking for. If you don’t hear back from us within 10 days, please don’t be too disappointed – we may keep your CV on our database for any future vacancies and we would encourage you to keep an eye on our career opportunities as there may be other suitable roles.

If you do not want us to retain your details, please email global.ta@nccgroup.com. All personal data is held in accordance with the NCC Group Privacy Policy (candidate-privacy-notice-261023.pdf (nccgroupplc.com)). We are committed to diversity and flexibility in the workplace. If you require any reasonable adjustments to support you during the application process, please tell us at any stage.

Please note that this role involves mandatory pre-employment background checks due to the nature of the work NCC Group does. To apply, you must be willing and able to undergo the vetting process. This role being advertised will be subject to BS7858 screening as a mandatory requirement.