Senior Cyber Security Analyst

The role 

This role is for a cyber security analyst in Clifford Chance's cyber security team. Clifford Chance has a global estate and 6000+ staff; it is imperative that we maintain the security of the estate and enable the legal advisors and others to carry out their work. 

The cyber security analyst will be responsible for managing and investigating cyber incidents, ensuring that incidents are handled from beginning to end and are properly contained and remediated. You will work closely with suppliers and internal IT teams to scope and run penetration tests, scan for and fix vulnerabilities across the network, and implement security improvements across the estate. You will also mentor and support junior members of the team. 

This role will suit a highly motivated individual, with keen attention to detail, who can demonstrate an exceptional analytical skill set and knowledge of current and evolving Cyber threats and developing strategies for their detection and mitigation.

Who you will work with

You will work within the cyber security team at Clifford Chance, alongside the information security team, reporting into the Head of Cyber Security. You will work with several IT and business risk colleagues across the business on incidents and wider improvement projects. You may also work with our legal professionals and occasionally clients if there is a cyber security issue affecting them. 

You will be working with colleagues in the security team primarily in the UK and India, however you will work with IT and business teams across the world. 

What you will be responsible for

Key responsibilities of the Cyber Security Analyst.

• Manage and respond to cyber security incidents from initial triage through to close down. 

• Work with Major Incident Management teams and Head of Cyber Security to manage and investigate serious incidents as required. 

• Document incidents clearly and report upwards as required. 

• Investigate incidents using a range of tooling – such as endpoint analysis via Microsoft Defender, use of SIEM products, log analysis and malware analysis.  

• Operate the firm's Vulnerability Scanning solution, manage the resolution of vulnerabilities across various teams, and provide reports and metrics as required.

• Research and incorporate relevant threat intelligence during the incident investigation and in written and verbal reports.

• Maintain current tooling and best practise knowledge in relation to attacker tactics and techniques, response processes, containment and remediation of incidents. 

• Track cyber threat actors/campaigns based off technical analysis and open source intelligence.

• Scope and provide oversight and management of penetration testing / red teaming activities.

• Drive improvements in the cyber security team's functions and capabilities – improving incident handling, tooling, general skills and knowledge etc. 

• Perform threat hunting activities across the network, including designing and running threat hunts. 

• Mentor and support more junior analysts.

• Liaise with Architecture, IT Operations, Network Security and IT Risk to implement security enhancements and during incidents.

What you will do

• Manage and respond to incidents.

• Work with teams across the business to successfully resolve incidents – including business teams, IT teams, and suppliers.  

• Report metrics relating to incidents, vulnerability scans and other relevant areas as required. 

• Input into strategy and direction for the team as a whole. 

• Run vulnerability scans as required (shared across the team)

• Support / manage scoping of supplier work such as penetration tests, build or network security reviews and oversee delivery of this work. 

• Manage projects / ongoing tasks – these will be varied but will be aligned to your role such as managing a project to roll out a new security tool or a set of improvements to our detection capabilities. 

• Mentor and guide junior staff as required. 

• Drive improvements across the security function – for example improving our playbooks, defining new threat hunting processes, training up other staff in areas you are highly skilled in, recommend improvements to the Head of Cyber Security. 

Note that you will be required to be on-call for major incidents out of hours on a rota basis, this is shared across the team. 

Your experience

The cyber security analyst will have previous experience in cyber security and incident handling. Key areas of essential experience include: 

• Solid hands on cyber incident response experience with proven capability and experience of investigating, managing and remediating cyber security incidents.

• Knowledge of data breaches, ransomware, fraud and other types of serious incident. 

• Knowledge of current and emerging advanced cyber threats, attack and evasion techniques, command and control infrastructures and insider threat behaviour. 

• Experience in escalating and articulating security concepts to senior, technical and non-technical audiences.

• Strong organisational, communication and project management skills. 

• Strong Azure / M365 cloud knowledge and experience as well as on-premise IT experience. 

• Usage of investigation tools such as malware sandboxes, SIEM s (Azure Sentinel), log analysis tooling, network traffic analysis, endpoint analysis (event logs, files, processes). 

• Experience with vulnerability scanning and management tooling and interpretation of results. 

• Experience working in a team-oriented, collaborative environment.

• Windows operating systems

• Experience with standard on-premise security products such as firewalls, proxies, endpoint solutions. 

Desirable experience includes:

• Management of complex and major incidents such as data breaches and ransomware. 

• Threat modelling and use case development and the MITRE ATT&CK framework to guide detection rulesets, threat hunting and investigations. 

• Team / people management and mentoring

• Development of SIEM use cases and rulesets (knowledge of what is possible/practical, implementation experience not essential). 

• Project management experience. 

• Documentation of security processes, designs, project plans. 

Desirable certifications include the following but are not required:-

• Certified Information Systems Security Professional (CISSP)

• Certified Ethical Hacker (CEH)

• SANS GCIH Certified Incident Handler or CREST Cyber Incident Manager

• CREST Intrusion Analyst

• Azure / M365 cloud certifications

• Certified Cloud Security Professional (CCSP)

• CompTIA Security+

How we will support you

From your first day with us, you will have varied opportunities to continuously grow and development your skills and knowledge. From formal training, informal coaching and mentoring through to skills-based and technical training and on the job learning.
The security team works very closely together to mentor and support each other, as well as ensure everyone has formal training to keep them up to speed with the latest technologies, trends, skillsets. We are flexible and keen to work with you to work out what training is best suited to you and the team as a whole.  

Who we are

Whatever your area of expertise, you will find a range of career opportunities at Clifford Chance. And wherever you’re heading, Clifford Chance is where you can be true to your ambitions.

Our firm, work and people span jurisdictions, cultures and languages. In a world where commercial success increasingly relies on globalisation, we offer clients a truly international perspective, and we offer our people a rewarding and stimulating career. 

We're proud of our approachable, friendly and team-based way of working. Highly professional and self-assured, with an entrepreneurial streak, our people are more than happy to share their expertise and knowledge.

Hybrid Working

 
This role follows our 'balanced' hybrid working approach and as long as business needs allow, you will be supported to work in a hybrid way with the expectation of working from the office for a minimum of 50% of your time. Please see our careers site for further information on our working environment. 

Equal opportunities statement

At Clifford Chance we understand that our true asset is our people. Inclusion is good for our team and their families, our firm and society. 

We are committed to treating all employees and applicants fairly and equally regardless of their gender, gender identity and expression, marital or civil partnership status, race, colour, national or ethnic origin, social or economic background, disability, religious belief, sexual orientation, or age.  This applies to recruitment and selection, terms and conditions of employment including pay, promotion, training, transfer and every other aspect of employment.

Our goal is to deliver an equality of opportunity, an equality of aspiration and an equality of experience to everyone who works in our firm. Find out more here. 

#LI-AS1