SOC Security Analyst

Bristol (City Centre)
03 Oct 2017
02 Nov 2017
Contract Type
Full Time
1756 – SOC Security Analyst

Roles on both days and shifts (with significant uplift) available

Join the successful Leonardo SOC Operations team and help us to provide a protective monitoring capability for customer corporate networks. This includes monitoring and analysis of event logs in a multi-SIEM environment using ArcSight, LogRhythm and RSA enVision, applying further analysis with the available tool sets when events are escalated, and applying monitoring, alerting and incident handling techniques in line with the associated guidance in the relevant Good Practice Guide (GPG). The Leonardo SOC offers a leading-edge protective monitoring and incident handling service to its customers.

As an Operations Analyst within the ARCHANGEL SOC, you will work as part of a shift that analyses network, application and system log events in order to identify any potentially abnormal system behaviours and raise them as incidents for investigation.

  • Reporting directly to the shift Operations Senior Analyst, support the sustainment of the SOC's 24/7/365 protective monitoring services
  • Provide monitoring, alerting and incident handling services within the SOC
  • Act as the initial analytical reference point for identifying, and then quantifying, the nature and extent of an attack, and offer initial professional advice on the possible business impact
  • Advise on incident containment measures
  • Advise on potential mitigation measures to prevent, or limit, future recurrence
  • Develop and maintain a credible knowledge of current and emerging threats likely to affect the integrity of the managed service you are protecting
  • Develop a credible level of protective monitoring experience, and aspire to develop a good level of experience and knowledge of the capabilities offered by each SIEM in use
  • Deputise for your respective Shift Lead as required

Key Responsibility Areas

You will be responsible for analysing network, application and system log events in order to identify potentially abnormal system behaviours and raise them as incidents for investigation. These are then investigated with others to establish whether they are expected events or a security threat; if the latter, they are escalated to the appropriate customer or technical resources for remedial action.

The postholder is expected to:

  • Maintain a keen understanding of evolving Internet threats to ensure the security of client networks
  • Participate in knowledge sharing with other analysts and develop solutions efficiently
  • Participate in individual or team projects
  • Perform other essential duties as assigned
  • In addition, a key part of the role is keeping abreast of evolving cyber threats and identifying new and sophisticated methods of detecting them across a customer's IT estate

Skills, Qualifications and Knowledge Required

  • Previous experience within information security, or time spent within an associated field
  • An active interest in software systems/engineering and/or secure communications and information systems and/or system security architecture and/or malware
  • Experience in network and systems monitoring
  • Qualifications within the IT security field desirable, though not essential
  • Prepared to become SC and DV cleared
  • A sound knowledge of IT security best practice, common attack types and detection/prevention methods
  • Demonstrable experience of analysing and interpreting system, security and application logs in order to diagnose faults and spot abnormal behaviours
  • In-depth experience of some common network or security devices, such as routers, switches, hubs, firewalls or SIEMs
  • Strong written and verbal communication skills
  • Attention to detail and great organisational skills

Desirable skills:

  • Experience of maintaining a secure network through configuring and managing typical security enforcing devices, such as firewalls, proxies and IDS/IPS devices; knowledge of SNORT
  • Experience of using SIEM tools and the terminology associated with them
  • Knowledge and understanding of information technology concepts and technologies, including computer systems hardware and software, entity relationship models, design, protocols, attack vectors and methodologies
  • Strong understanding of network monitoring and packet analysis tools
  • An understanding of information security as it relates to the confidentiality, integrity and availability of information
  • Significant experience with TCP/IP, Linux, UNIX, Windows and IP routing
  • Software engineering, programming or scripting knowledge, e.g. Java or .NET
  • Working to tight deadlines
  • A personable individual who is willing to accommodate the team dynamic and has an aptitude for being coached
  • The SOC Operations Analyst will be required to accommodate flexible working hours and shifts over a 24/7 rotation
  • Previous roles as an IDS analyst or Operations analyst; GCIA certification

Intrinsic Factors

Our SOC runs 24 hours a day, covered by staff working on average 37.7 hours per week across rolling day and night shift patterns in teams.

Become part of the five-team shift rotation over a 24/7, 365-day protective monitoring service.
