At Amber Labs, we are a cutting-edge UK and European technology consultancy that prioritises empowering autonomy, promoting experimentation, and facilitating rapid learning to provide exceptional value to our clients. Our company culture is centred around collaboration, where all colleagues, regardless of their role, work together to minimise risk and shorten delivery times. Our team consists of highly-skilled cross-functional consultants, analysts, and support staff.

Our clients have the opportunity to earn R&D credits that can be used towards our areas of expertise: Data, Governance, and Cloud Engineering, allowing us to drive customer-focused innovation. Our work extends across both the public and private sectors, providing our colleagues with a diverse and interesting landscape of experience.

Amber Labs was founded on three key principles:

1. A people-first internal culture, with diverse investments and exciting opportunities for our team, and a partnership structure that ensures everyone has a chance to share in the success of the company.

2. Constant iteration to identify opportunities to develop artifacts, accelerators, and automation solutions that allow for rapid deployment of highly technical cloud or on-premises solutions for our clients.

3. Consistent investment in our ADM (Amber Labs Delivery Methodology, underpinned by Agile Methodology) to ensure maximum velocity, quality, and value.

ROLE: Cyber Defense Analyst
LOCATION: On-Site (Corsham or Portsmouth)
CLEARANCE: DV Clearance is a must

Job Description: The Cyber Defence Analyst will play a pivotal role in our growing security team, responsible for designing, delivering, and maintaining operational cybersecurity capabilities. This role involves proactive, risk-based monitoring of priority C4IS/networks to identify and mitigate internal and external cyber threats and attacks. Additionally, the Cyber Defence Analyst will be involved in mentoring junior analysts and actively remediating unauthorized activities.

Responsibilities:

  • Develop and integrate security event monitoring and incident management services.
  • Respond to security incidents as part of an incident response team.
  • Implement metrics and dashboards for visibility of the Enterprise infrastructure.
  • Utilize the SOAR platform for playbook automation and case management capabilities.
  • Produce documentation to ensure repeatability and standardization of security operating procedures.
  • Develop additional investigative methods using the SOC’s software toolsets.
  • Maintain system security baselines according to latest threat intelligence.
  • Participate in root cause analysis of incidents in collaboration with engineers.
  • Provide Subject Matter Expertise on information security standards and best practices.
  • Offer strategic and tactical security guidance, including evaluation of technical controls.
  • Participate in the CRM process.
  • Liaise with SOC engineers to maintain up-to-date security alert dashboards.
  • Document, validate, and create operational processes and procedures.
  • Assist in identifying, prioritizing, and coordinating the protection of critical cyber defence infrastructure.
  • Build, install, configure, and test dedicated cyber defence hardware.
  • Support Junior Analysts in managing SOC systems.

Requirements:

  • Previous experience with Enterprise ICS/network architectures and technologies.
  • Experience and knowledge of SIEM solutions, including use case identification, deployment, and tuning.
  • Experience as a mentor or coach to junior analysts.
  • Familiarity with MITRE ATT&CK and Cyber Kill Chain frameworks.
  • Proficiency in maintaining Microsoft directory services.
  • Proficiency in virtualization software.
  • Knowledge of key security frameworks (e.g., ISO, NIST 800-53, 800-171, 800-172, C2M2).
  • Excellent communication skills.
  • Experience in writing Defence/Government documentation.

Desirable Qualifications:

  • Broad Spectrum Cyber Course (e.g., SANS SEC401 or SEC501 or equivalent).
  • SIEM Design, Architecture, and Analyst Course (e.g., SANS SEC455 or SEC555 or equivalent).
  • Advanced Analyst Course (e.g., SANS SEC503 or equivalent).

Join us in our mission to protect critical infrastructures and advance the field of cybersecurity. Apply now to become a part of our dynamic team!



What Happens Next?

Our Talent Acquisition team will be in touch to advise you on the next steps. We have a two-stage interview process for most of our consultants. In certain cases, we may include a third and final stage, which is a conversation with the company Partners. This will only be considered if deemed necessary.