Embedded Cyber Detection and Response Analyst
Control Risks Group Holdings Ltd
Charing Cross, United Kingdom
3 days ago
Role details
Contract type
Permanent contract Employment type
Full-time (> 32 hours) Working hours
Shift work Languages
English Experience level
IntermediateJob location
Charing Cross, United Kingdom
Tech stack
Amazon Web Services (AWS)
Data analysis
Azure
Log Analysis
Security Information and Event Management
Cloud Platform System
Mitre Att&ck
Malware
Cybercrime
Dart
Cyber Warfare
Splunk
Job description
The Cyber Detection and Response Analyst supports day-to-day detection, investigation, and response activities as part of a Cyber Detection and Response Team (DART). This is a hands-on technical role focused on identifying, analysing, and responding to cyber threats across the client's environment, working closely with Security Engineering and broader security stakeholders.
This role will be a part of a 24/7 team and cover one of two shifts: Sunday-Thursday 9:00 am-5:00 pm GMT or Tuesday-Saturday 9:00 am-5:00 pm GMT, * Monitor, triage, and investigate security alerts and events across endpoint, network, cloud, and identity systems.
- Support incident response activities including analysis, containment, remediation, and documentation.
- Execute established incident response playbooks and contribute to their continuous improvement.
- Perform threat hunting activities to identify potential compromises and gaps in detection coverage.
- Leverage threat intelligence to inform investigations and detection tuning.
- Collaborate with Security Engineering to tune detection logic and improve security controls.
- Produce clear, concise incident reports and support root cause analysis and remediation efforts.
- Support on-call rotations and escalation processes as part of a 24/7 detection and response capability.
Requirements
- 3-5 years of experience in cybersecurity, with a focus on incident response, SOC operations, or cyber defense.
- Hands-on experience with SIEM, EDR/XDR, and log analysis tools (e.g., Splunk, Sentinel, CrowdStrike).
- Practical understanding of incident response methodologies and frameworks such as MITRE ATT&CK and NIST.
- Familiarity with threat hunting, malware analysis, or forensic investigation techniques.
- Exposure to cloud environments (AWS, Azure, or GCP) and modern enterprise architectures is preferred.
- Strong analytical and problem-solving skills, with the ability to communicate technical findings clearly.
- Relevant certifications (e.g., Security+, GCIH, GCIA, or equivalent) are a plus.