My client, a housing association based in London, is looking for a SOC Analyst to join them in their London office. This role is hybrid, but you will have to come into the office at least one day per week.
This is a 12 month Fixed-Term Contract as it is effectively maternity cover. However, there is a 50-50 chance this could be converted into a permanent role after the initial 12 months.
Job description
The Security Operations team exists to protect the client by proactively detecting and responding to cyber security threats.
Principal Duties and Responsibilities:
• Responsible for providing Tier 2 case resolution, resolving complex security cases including generating initial reporting, providing follow-ups and requesting information and resolution activity.
• Day-to-day incident triage and escalation using contextual and threat intelligence.
• Responsible for providing security expertise to escalated incidents.
• Act as the incident handler for P1/P2 incidents.
• Provide and support in-depth SIEM and incident notification toolset administration and configuration.
• Fully utilize threat intelligence capabilities for proactive threat hunting.
• Responsible for providing communication directly with customers regarding security incidents and other related topics.
• Aid in the development of incident response procedures and playbooks.
• Contribute to the design and development of defense and response strategies, knowledge base and playbooks.
• Monitoring SIEM alerts effectively to minimize downtime and restore services.
• Ensure investigation steps are documented and accurately escalated when needed.
• Responsible for producing and maintaining documentation relevant to both the SOC and position.
• Responsible for updating and offering continual improvement to the knowledge base.
• Support the SOC team in researching global security events, issues and trends to produce security advisories for customers based on findings.
• Responsible for managing and configuring security monitoring tools.
• Investigating intrusion attempts and performing in-depth exploit analysis.
• Provide analytical feedback on client network traffic patterns.
• Provide analytical feedback related to malware and other network threats.
• Accept, manage, and update service requests and incidents to ensure contracted Service Level Agreements are met.
• Guiding, coaching and mentoring analysts who are providing the core SOC functions, including but not limited to alert triage, incident escalation, content creation, etc.
Generic Duties and Responsibilities:
• To continuously develop both technical and personal skills required within the role and assist with the development of other staff.
• Keep up to date on security developments and news.
• Conducting cyber threat research and analysis for the purpose of improving the strength of network security.
• Assist with defining, testing and operating new ways of working with new technology solutions or processes supplied to the SOC team.
• Participate in the identification and delivery of Service Improvement Plans.
• Proactively support business KPIs.
• Understand and comply with all Information Security policies.
• Follow agreed security best practices and SOC processes.
• Interact with strategic incident response and threat intelligence vendors.
• To undertake other responsibilities, training and tasks as reasonably requested by line management.
• Undertake periodic assurance reviews and produce associated reporting as required.
• Participate in internal security awareness initiatives and other training requests.
• Responsible and accountable for ensuring all employment legislative requirements are adhered to, including equality, diversity and health and safety issues.
• The job description may be altered at any time in line with the level of the post to meet changing requirements, but only in full consultation with the post holder.
Personal Specifications:
• Cyber Security Qualification (CompTIA or equivalent experience)
• ITIL Foundation
• 5 years of SOC analyst experience
Skills, Knowledge and Experience:
• Previous experience in a similar position
• Knowledge and experience of SOC tooling to identify threats.
• Experience of collaboration tools
• Keen analytical mind and approach
• Proactively shares own expertise with others
• Knowledge and experience of IT systems, networking and the security threat landscape, including:
• Network fundamentals, for example the OSI stack, TCP/IP, DNS, HTTPS, firewall logs, packet capture and analysis.
• Cloud technologies (AWS, Google Cloud, Azure)
• Active Directory, Group Policies, PowerShell
• Anti-Malware / Endpoint protection applications (Antivirus, Web Filtering, ATP, Encryption, Microsoft Defender ATP, FireEye, CrowdStrike)
• Intrusion Detection/Prevention Systems (IDS/IPS) (Snort, Cisco, Fortinet)
• SIEM tools (IBM Qradar, Microsoft Sentinel, Splunk, ELK)
• SOAR is an added advantage
• Knowledge of malware capabilities, attack vectors and impact.
• Knowledge of the MITRE ATT&CK framework to understand threat actors and how to mitigate them.
• Knowledge and experience in threat analysis.
• Vulnerability Management
• Threat Hunting and Threat Intelligence (MITRE ATT&CK)
• Web Proxies (Bluecoat, Cisco/OpenDNS Umbrella)
• Incident Response
• Networking & Firewalls (Cisco, Palo Alto, Checkpoint)
• Penetration Testing
If the above is of interest, please do apply to this role or call me on 0207 509 8040 to find out more.
Robert Walters Operations Limited is an employment business and employment agency and welcomes applications from all candidates.