Blackthorn Trace have partnered with a leading satellite telecommunications company based in Central London to add an Senior SOC Analyst with 4+ years experience to their active 24/7 x 365 SOC. This position will require the new Senior SOC Analyst to be on call during daytime, night time and the weekend. We are looking for an analyst with a good forensics background and experience working with SIEM solutions such as SPLUNK & QRadar (or similar), VA Scanners, IDS/IPS and packet analysis. The new Senior SOC Analyst will work as part of the security operations team focusing on security related tasks to ensure that security requirements are being implemented and operated as per the Group Security program.
Key responsibilities of the position
- A member of the Security Operations team focused on Network, Platform, and Application security issues.
- Provide Support for the Security Information and Event Management (SIEM) System. Monitor alarm console and assist 1st/2nd level analysts with event triage and escalations.
- Provide telephone, e-mail and ticket service to Incident Response process stakeholders.
- Maintain a Compliance/Vulnerability Assessment (VA) Scanning Capability. Follow a documented process for routine scanning of infrastructure and network elements. Conduct routine scanning of infrastructure and network elements.
- Maintain an Information Assurance Vulnerability Management (IAVM) and System Patching Process. Assist in maintaining an up to date Software Inventory configuration database. Interface with platform and network element administrators to maintain status of software versions and patching. Interface with platform and network element administrators to determine hardware/software inventories for infrastructure.
- Monitor threat and vulnerability news services for any relevant information that may impact installed infrastructure. Analyze reports to understand threat campaign(s) techniques, lateral movements and extract indicators of compromise (IOCs).
- Deliver 2nd/3rd level investigation and remediation activities as a member of the Security Incident Response Team. Lead Security Incident Response Team (SIRT) events: Conduct research and assessments of security events; provide analysis of firewall, IDS, anti-virus and other network sensor produced events; present findings as input to SIRT.
- Conduct shift change reports on open cases and maintain case data in the Incident Response Management platform.
- The post will require on-call work to include daytime, night time, and weekend work.
Essential Knowledge and Skills:
- Cyber security professional with solid experience of direct information security operations.
- University degree level education or equivalent in Computer Science / Data Communication.
- A Global Information Assurance Certification (GIAC) Certified Incident Handler (GCIH), GIAC Certified Intrusion Analyst (GCIA), or equivalent certification would be advantageous.
- Intermediate knowledge of Information Security fundamentals, technologies, and design principals.
- Proven experience in securing Windows, Linux, Oracle and VM platforms.
- Proven experience of QRadar or similar Security Information and Event Management (SIEM) tools for analysing network and security incidents.
- Proven experience in Tenable Network Security Nessus, BeyondTrust Retina or similar Vulnerability Assessment (VA) scanner operations for identifying network and platform risks and mis-configurations.
- Willingness to learn new skills and be self-motivated.
- Ability to work in a team environment, to work under pressure and show flexibility.
- Excellent verbal and written communication skills in English.