Cyber Defense Analyst

at Experian
πŸ‡¬πŸ‡§ United Kingdom - Remote
πŸ”’ CybersecurityπŸ”΅ Mid-level

Job description

Company Description

Experian is a global data and technology company, powering opportunities for people and businesses around the world. We help to redefine lending practices, uncover and prevent fraud, simplify healthcare, create marketing solutions, and gain deeper insights into the automotive market, all using our unique combination of data, analytics and software. We also assist millions of people to accomplish their financial goals and help them save time and money.

We operate across a range of markets, from financial services to healthcare, automotive, agribusiness, insurance, and many more industry segments.

We invest in people and new advanced technologies to unlock the power of data. As a FTSE 100 Index company listed on the London Stock Exchange (EXPN), we have a team of 22,500 people across 32 countries. Our corporate headquarters are in Dublin, Ireland. Learn more at experianplc.com.

Job Description

As a Cyber Defence Analyst, you will join the Cyber Fusion Center, performing in-depth analysis, assessment, and response to security threats by following documented policies to meet Service Level Goals. The team provides global 24x7 security operations and monitoring for cybersecurity events affecting Experian.

You will be a part of the first line of defence in Experian’s broader incident response and incident management departments, responsible for receiving and prioritizing cybersecurity alerts, including being the dedicated contact for potential security incidents reported by users (e.g., Experian employees). Depending on the results of assessment, this team is then responsible for investigating, containing, eradicating, and recovering from events falling in its scope or escalating higher-risk events to dedicated incident response and management teams in the CFC.

This role is critical in ensuring the handling of potential threats and plays a part in improving security operations.

This is a home based role reporting to the Director of Security Operations for SecOps & Threat Detection.

Please note that in this role, you will have an 8x5 Monday-Friday schedule, with flexibility to respond to after-hours pages for potentially major security incidents to support incident response efforts and may include assignment to an on-call rotation for evenings, weekends, holidays.

Summary of Primary Responsibilities

As the Cyber Defence Analyst, you will:

  • Contribute to daily security operations by overseeing response activities for security events and alerts associated with cyber threats, intrusions, and compromises alongside a team of global security analysts following documented SLOs and processes.
  • Analyze events using security tooling and logging (e.g., SIEM, EDR) and assess potential risk / severity level of cyber threats; escalate higher-risk events to dedicated incident response and management teams in the CFC according to established processes.
  • Collaborate with external teams for incident resolution and escalations, driving incident handling
  • Notify team Lead(s) of concerns related to operations, such as anomalous changes in metrics, notable open incidents, quality concerns, or observed risks; support with resolution if appropriate
  • Manage and complete assigned caseload throughout the incident response lifecycle, including analysis, containment, eradication, recovery, and lessons learned.
  • Maintain all case documentation, including notes, analysis findings, containment steps, and cause for each assigned security incident. Ensure incident updates or contact with end-users are performed promptly and documented.
  • Help improve relevant strategies, Standard Operating Procedures (SOPs), and training materials
  • Support management’s overall strategy for CFC by participating in execution of improvement programs together with management’s plans
  • Assist the team Leads and management on use case development by suggesting enhancement or tuning of use cases to improve the security posture of Experian

Qualifications

  • Some information security experience working within a Security Operations Center or Cyber Security Incident Response Teams
  • Bachelor’s Degree in Computer Science, Computer Engineering, Information Systems, Information Security or professional certification related to Digital Forensics, Incident Response, or Ethical Hacking (e.g., GCIH, CEH, GCFE, GCFA, and CFCE).
  • Knowledge of main concepts related to the Incident Response Life Cycle, MITRE ATT&CK Framework, Cyber Kill Chain, and other cybersecurity frameworks.
  • High-level understanding of common intrusion methods and cyber-attack tactics, techniques, and procedures (TTPs), and common industry recommendations to prevent and respond to threats such as phishing, malware, network attacks, suspicious activity, data security incidents.
  • Exposure to technical elements of common Operating Systems (Windows, Linux, Mac OS), Networking (Firewalls, Proxies, NetFlow), Cloud Infrastructure (AWS, Azure, GCP), and Security Technologies (Anti-Virus, Intrusion Prevention, Web Application Firewalls)
  • Interest in developing knowledge across common Incident Response and Security Monitoring applications such as SIEM (e.g., Qradar, Splunk), EDR (e.g., FireEye HX, CrowdStrike Falcon, Microsoft Defender), and SOAR (Palo Alto XSOAR, Google Secops / Chronicle)
  • Desire to build technical skills and hands-on knowledge in the following areas of security operations and incident response
    • In-depth packet analysis skills, core forensic familiarity, incident response skills, public could security practices, and data fusion skills based on multiple security data sources
    • Security analysis and architecture of Azure and AWS cloud environment using security tools including Defender for Cloud, GuardDuty, CloudTrail, or CloudWatch.
    • System administration on Unix, Linux, or Windows
    • Network forensics, logging, and event management
    • Defensive network infrastructure (operations or engineering)
    • Vulnerability assessment and penetration testing concepts
    • Malware analysis concepts, techniques, and reverse engineering
    • In-depth knowledge of network and host security technologies and products (such as firewalls, network IDS, scanners) and improve these skills
    • Security monitoring technologies, such as SIEM, IPS/IDS, UEBA, DLP, among others
    • Scripting and automation

Additional Information

Benefits package includes:

  • Flexible work environment, working hybrid or in the office if you prefer.
  • Great compensation package and discretionary bonus plan
  • Core benefits include pension, bupa healthcare, sharesave scheme and more
  • 25 days annual leave with 8 bank holidays and 3 volunteering days. You can purchase additional annual leave.

Experian is proud to be an Equal Opportunity and Affirmative Action employer. Innovation is an important part of Experian’s DNA and practices, and our diverse workforce drives our success. Everyone can succeed at Experian and bring their whole self to work, irrespective of their gender, ethnicity, religion, colour, sexuality, physical ability or age. If you have a disability or special need that requires accommodation, please let us know at the earliest opportunity.

Experian Careers - Creating a better tomorrow together

Find out what its like to work for Experian by clicking here

Share this job:
Please let Experian know you found this job on Remote First Jobs πŸ™

Similar Remote Jobs

Latest Jobs at Experian

Benefits of using Remote First Jobs

Discover Hidden Jobs

Unique jobs you won't find on other job boards.

Advanced Filters

Filter by category, benefits, seniority, and more.

Priority Job Alerts

Get timely alerts for new job openings every day.

Manage Your Job Hunt

Save jobs you like and keep a simple list of your applications.

Search remote, work from home, 100% online jobs

We help you connect with top remote-first companies.

Search jobs

Hiring remote talent? Post a job

Frequently Asked Questions

What makes Remote First Jobs different from other job boards?

Unlike other job boards that only show jobs from companies that pay to post, we actively scan over 20,000 companies to find remote positions. This means you get access to thousands more jobs, including ones from companies that don't typically post on traditional job boards. Our platform is dedicated to fully remote positions, focusing on companies that have adopted remote work as their standard practice.

How often are new jobs added?

New jobs are constantly being added as our system checks company websites every day. We process thousands of jobs daily to ensure you have access to the most up-to-date remote job listings. Our algorithms scan over 20,000 different sources daily, adding jobs to the board the moment they appear.

Can I trust the job listings on Remote First Jobs?

Yes! We verify all job listings and companies to ensure they're legitimate. Our system automatically filters out spam, junk, and fake jobs to ensure you only see real remote opportunities.

Can I suggest companies to be added to your search?

Yes! We're always looking to expand our listings and appreciate suggestions from our community. If you know of companies offering remote positions that should be included in our search, please let us know. We actively work to increase our coverage of remote job opportunities.

How do I apply for jobs?

When you find a job you're interested in, simply click the 'Apply Now' button on the job listing. This will take you directly to the company's application page. We kindly ask you to mention that you found the position through Remote First Jobs when applying, as it helps us grow and improve our service πŸ™

Apply