We are looking for a proactive, technically-minded and organised Security Operations Center Analyst to join a leading cybersecurity company helping clients all around the world.
The goal of the SOC Analyst is to minimize and control the damage resulting from cybersecurity incidents, provide practical guidance for the response, coordinate recovery activities, and work to prevent future incidents from reoccurring.
Responsibilities:
• Using raw log sources and other security and operational tools to monitor and analyse the security posture of the IT estate and identify anomalous activity and behaviors.
• Investigating, defining and resolving complex issues.
• Reviewing, updating and creating detection rules.
• Producing and developing dashboards and reports to continuously improve security situational awareness.
• Producing incident reports to present activity and outcome of operational security services and activity.
• Supporting the investigation of security breaches and coordinating and managing all Incident Responses.
• Ensuring that all security incidents have been correctly prioritised and diagnosed in accordance with agreed procedures.
• Investigating the causes of incidents, documenting findings and seeking resolution.
• Making sure the escalation of any unresolved incidents has been completed according to agreed procedures.
• Acting on security incidents, requests and events to ensure that threats, vulnerabilities and breaches are managed to minimize impact to confidentiality, integrity and availability of systems and data.
• Creating security risk assessments, vulnerability assessments and business impact analyses as required.
• Reviewing, updating and creating CSIRT policies, playbooks and standard operating procedures documentation.
• Providing advice and guidance to other teams within the business on good practice and maintaining relevant and current industry knowledge.
Experience:
• Have experience in a SOC environment.
• Have knowledge of SIEM and SOAR solutions, Identity and Access Management and Data Loss Prevention tools and technologies.
• Have working knowledge of the Cyber Kill Chain and/or Incident Response Phases, adversarial tactics, techniques and procedures (TTPs) and industry standard frameworks (MITRE ATT&CK).
• Have experience with the approaches threat actors take when attacking a network, including phishing, port scanning, web application attacks, DDoS, lateral movement.
• Have experience with Security Monitoring tools.
• You can take a pragmatic view of the application of technologies, understanding their business application and identifying a balance between managing risk and allowing the business to continue to operate.
• You have in-depth experience of at least one of the following technology areas: End-User Computing, Hosting, Networks, Cloud or Development.
• You have knowledge of commonly-accepted information security principles and practices, as well as techniques attackers use to identify vulnerabilities, gain unauthorized access, escalate privileges and access restricted information.
• You communicate well and can present complex information to both technical and non-technical audiences.