Security Analyst at Vista Group

About the role

AI-Enhanced Threat Detection & Response

• Use machine learning, generative AI, and agentic AI to analyse vast security datasets, uncover hidden attack patterns, and optimise response workflows
• Perform predictive threat modelling to anticipate emerging cyber threats and proactively enhance security measures
• Leverage AI-driven anomaly detection tools to detect sophisticated cyber adversaries in real time
• Collaborate with Detection Engineers to refine detection logic based on insights gained from AI-powered investigations

Incident Investigation & Threat Hunting

• Lead proactive threat hunting engagements using AI-powered analytics, threat intelligence correlation, and adversary simulation techniques
• Investigate complex security incidents, leveraging SIEM, XDR, cloud security tools, and forensic data to uncover root causes
• Automate investigative workflows using SOAR playbooks, Python scripts, and no-code/low-code automation platforms (n8n, Flowise, Torq)
• Conduct post-incident analysis to continuously refine detection logic and improve response playbooks

Security Automation & AI Integration

• Utilise agentic AI to automate security responses such as account lockouts, network isolations, and WAF rule adjustments
• Work with generative AI and retrieval-augmented generation (RAG) to improve SOC documentation, incident reports, and forensic summaries
• Develop automated security workflows to streamline triage, enrichment, and escalation processes

Threat Intelligence & Adversary Simulation

• Track global attack trends, leveraging threat intelligence platforms and AI-driven predictive modelling
• Simulate potential attack scenarios to test detection resilience and improve security posture
• Map attack techniques to the MITRE ATT&CK framework and suggest detection rule enhancements

Strategic Security Operations & Collaboration

• Work closely with the Head of Security Operations to align emerging security threats with the broader SOC strategy
• Engage with DevSecOps, Cloud Security, and Platform Engineering teams to proactively mitigate security risks
• Drive continuous improvement initiatives across security operations through research, automation, and AI-enhanced analytics

Requirements

About you

Security Analytics & Threat Hunting Expertise

• Strong hands-on experience with SIEM, XDR, and advanced analytics platforms
• Deep understanding of threat detection, incident response, and adversary tactics
• Knowledge of AI-enhanced security operations, including machine learning-based threat detection

Technical Proficiency

• Proficiency in Python, PowerShell, KQL, or SQL for security automation and analysis
• Familiarity with cloud security monitoring (AWS, Azure, GCP)
• Experience with SOAR platforms and AI-driven security automation

Certifications & Education

• GCIA, GCTI, GOSI, AWS Security Specialty, or equivalent
• Strong grasp of MITRE ATT&CK, threat intelligence frameworks, and cloud-native security operations