Senior Cyber Security Analyst (Hiring Immediately)

Company Description

Who we are

We are one of the largest international law firms in the world. With over 30 offices across the globe, we strive to exceed the expectations of our clients, providing them with the highest-quality advice and legal insight, which combines the firm’s global standards with in-depth local expertise.

Our firm, work and people span jurisdictions, cultures, and languages. We offer our clients a truly international perspective. We believe every career should be rewarding and stimulating - full of opportunities to learn, thrive, and grow. That’s why we’re so proud of our inclusive, friendly, and team-based approach to work.

Our one firm global strategy is focused on targeted growth led by the needs of our core clients, those who we can best support with the breadth and depth of Clifford Chance expertise, across the sectors and geographies, which matter most to them.

You’ll find our clients in commercial and industrial sectors, the financial investor community, governments, regulators, trade bodies, and not-for-profit organisations. But no matter who they are or why they’ve reached out to us, we provide a world-class service every step of the way. And that’s possible thanks to the entrepreneurial spirit and conscientious approach to work that you’ll find across all of our teams.

Whichever area of the business you join, you’ll become an integral part an innovative, diverse and ambitious team of people. Clifford Chance is a place where the brightest minds and the best of colleagues meet.

Job Description

The role

This role is for a cyber security analyst in Clifford Chance's cyber security team. Clifford Chance has a global estate and 6000+ staff; it is imperative that we maintain the security of the estate and enable the legal advisors and others to carry out their work.

The cyber security analyst will be responsible for managing and investigating cyber incidents, ensuring that incidents are handled from beginning to end and are properly contained and remediated. You will work closely with suppliers and internal IT teams to scope and run penetration tests, scan for and fix vulnerabilities across the network, and implement security improvements across the estate. You will also mentor and support junior members of the team.

This role will suit a highly motivated individual, with keen attention to detail, who can demonstrate an exceptional analytical skill set and knowledge of current and evolving Cyber threats and developing strategies for their detection and mitigation.

Who you will work with

You will work within the cyber security team at Clifford Chance, alongside the information security team, reporting into the Head of Cyber Security. You will work with a number of IT and business risk colleagues across the business on incidents and wider improvement projects. You may also work with our legal professionals and occasionally clients if there is a cyber security issue affecting them.

You will be working with colleagues in the security team primarily in the UK and India, however you will work with IT and business teams across the world.

What you will be responsible for

Key responsibilities of the Senior Cyber Security Analyst.

• Manage and respond to cyber security incidents from initial triage through to close down.
• Work with Major Incident Management teams and Head of Cyber Security to manage and investigate serious incidents as required.
• Document incidents clearly and report upwards as required.
• Investigate incidents using a range of tooling – such as endpoint analysis via Microsoft Defender, use of SIEM products, log analysis and malware analysis.
• Operate the firm's Vulnerability Scanning solution, manage the resolution of vulnerabilities across various teams, and provide reports and metrics as required.
• Research and incorporate relevant threat intelligence during the incident investigation and in written and verbal reports.
• Maintain current tooling and best practise knowledge in relation to attacker tactics and techniques, response processes, containment and remediation of incidents.
• Track cyber threat actors/campaigns based off technical analysis and open source intelligence.
• Scope and provide oversight and management of penetration testing / red teaming activities.
• Drive improvements in the cyber security team's functions and capabilities – improving incident handling, tooling, general skills and knowledge etc.
• Perform threat hunting activities across the network, including designing and running threat hunts.
• Mentor and support more junior analysts.
• Liaise with Architecture, IT Operations, Network Security and IT Risk to implement security enhancements and during incidents.
  

What you will do

• Manage and respond to incidents.
• Work with teams across the business to successfully resolve incidents – including business teams, IT teams, and suppliers.
• Report metrics relating to incidents, vulnerability scans and other relevant areas as required.
• Input into strategy and direction for the team as a whole.
• Run vulnerability scans as required (shared across the team)
• Support / manage scoping of supplier work such as penetration tests, build or network security reviews and oversee delivery of this work.
• Manage projects / ongoing tasks – these will be varied but will be aligned to your role such as managing a project to roll out a new security tool or a set of improvements to our detection capabilities.
• Mentor and guide junior staff as required.
• Drive improvements across the security function – for example improving our playbooks, defining new threat hunting processes, training up other staff in areas you are highly skilled in, recommend improvements to the Head of Cyber Security.
  

Note that you will be required to be on-call for major incidents out of hours on a rota basis, this is shared across the team.

Qualifications

Your experience

The cyber security analyst will have at least 3-5 years experience in cyber security and incident handling. Key areas of essential experience include:

• 3+ years of hands on cyber incident response experience with proven capability and experience of investigating, managing and remediating cyber security incidents.
• Knowledge of data breaches, ransomware, fraud and other types of serious incident.
• Knowledge of current and emerging advanced cyber threats, attack and evasion techniques, command and control infrastructures and insider threat behaviour.
• Experience in escalating and articulating security concepts to senior, technical and non-technical audiences.
• Strong organisational, communication and project management skills.
• Strong Azure / M365 cloud knowledge and experience as well as on-premise IT experience.
• Usage of investigation tools such as malware sandboxes, SIEMs, log analysis tooling, network traffic analysis, endpoint analysis (event logs, files, processes).
• Experience with vulnerability scanning and management tooling and interpretation of results.
• Experience working in a team-oriented, collaborative environment.
• Windows operating systems
• Experience with standard on-premise security products such as firewalls, proxies, endpoint solutions.

Desirable experience includes:

• Management of complex and major incidents such as data breaches and ransomware.
• Threat modelling and use case development and the MITRE ATT&CK framework to guide detection rulesets, threat hunting and investigations.
• Team / people management and mentoring
• Development of SIEM use cases and rulesets (knowledge of what is possible/practical, implementation experience not essential).
• Project management experience.
• Documentation of security processes, designs, project plans.

Desirable certifications include the following but are not required:-

• Certified Information Systems Security Professional (CISSP)
• Certified Ethical Hacker (CEH)
• SANS GCIH Certified Incident Handler or CREST Cyber Incident Manager
• CREST Intrusion Analyst
• Azure / M365 cloud certifications
• Certified Cloud Security Professional (CCSP)
• CompTIA Security+
  

How we will support you

From your first day with us, you will have varied opportunities to continuously grow and development your skills and knowledge. From formal training, informal coaching and mentoring through to skills-based and technical training and on the job learning.

The security team works very closely together to mentor and support each other, as well as ensure everyone has formal training to keep them up to speed with the latest technologies, trends, skillsets. We are flexible and keen to work with you to work out what training is best suited to you and the team as a whole.

Additional Information

Hybrid working

This role follows our 'balanced' hybrid working approach and as long as business needs allow, you will be supported to work in a hybrid way with the expectation of working from the office for a minimum of 50% of your time.

What we offer including our broad range of benefits and working environment

When you join Clifford Chance, you will have access to a broad range of benefits to support you across many aspects of your personal]]> <