Senior Security Operations (SOC) Analyst

Senior Security Operations (SOC) Analyst

• SOC; Cyber Security; Information Security; IT Infrastructure; SIEM; Cyber Threats

• Splunk; Firewalls; IDS/IPS; Active Directory; Endpoint Protection; Windows Server; Linux; TCP/IP; Networks; Cloud; CDN's

• £50,000 - £70,000 + bonus + overtime - please note this role is core hours, not 24/7 as we hava a global SOC presence

• Preston; Farnborough; Bristol

Would you like to play a key role in defending one of the UK's major defence companies from cyber-attack?

As a Senior SOC Analyst, you will be working in a dedicated security team safeguarding IT infrastructure against Cyber Threats coming from sources that range from state actor's through to individuals. You will use the latest SIEM and analytical tools and apply your technical and business knowledge to proactively detect, investigate and report on the complete range of cyber-attacks faced by a Defence Prime Contractor.

This role will provide you with the opportunity to work at the forefront of cyber-attacks and investigations in a varied, interesting and engaging role.

Your main responsibilities as a Senior Soc Analyst will involve:

• Triage, analyse and investigate alerts, log data and network traffic using the monitoring platforms and Internet resources to identify cyber-attacks / security incidents

• Proactively search for those threats not easily detected by existing use cases

• Act as a mentor and as an escalation point within the team for technical queries.

• Escalate suspected major security incidents / investigations where support is required

• Define monitoring use cases and develop prototype rules e.g. In response to intelligence or gaps in defences

• Contribute to the development of the services through people, process and technology where appropriate

• Build a comprehensive knowledge of IT systems to support monitoring activities and tailor remediation recommendations to systems

• Contribute to and help the development of Cyber Operations through knowledge sharing, research and supporting improvement initiatives / projects

• Contribute to and help define requirements for future security capabilities along with the Lead Analyst.

Your skills and qualifications:

Essential:

• Broad and detailed experience of technologies including but not limited to firewalls, IDS/IPS, Active Directory, endpoint protection, Windows Server, Linux, TCP/IP, Networks, Cloud, CDN's and Vulnerability Management

• A strong technical background with a detailed knowledge of cyber security, computer networks and operating systems.

• Analytical background and comfortable analysing and interpreting large and complex data sets and articulating the story behind any observations along with providing conclusions and recommendations

• Knowledge and experience of using tools to dissect common threats to produce useable IOCs. E.g. Malicious document analysis.

• Detailed knowledge of the current threat landscape, the TTPs frequently employed in those attacks and how we can investigate and mitigate these.

• Relevant Vendor and GIAC Qualifications or equivalent proven industry experience

Desirable:

• Background of prior experience of working in an information and/or cyber security environment (Government or commercial sector) environments

• Development experience or scripting languages