Senior Security Analyst Team Lead SOC
Senior Security Analyst Team Lead (SOC)
Your technical expertise as a senior security analyst and experience in the Cyber Security domain would make you an immediate positive asset to my client.
I am currently looking for an experienced senior security analyst/ team lead to manage the SOC and oversee the application of analytic and technical skills to achieve the effective monitoring of network security resources whilst also managing a small team of 3 people (with plans to grow and expand this team). You’ll work amongst cutting-edge technology that gives you the opportunity to make a real difference and contribute to the future of engineering excellence
You will be given an excellent benefits package.
This company is a leading technology and service innovator, working mainly across Aerospace and Defence sectors; covering Air, Land, Maritime and Space. They deliver outsourced aviation and military related services to customers worldwide and provide communication & critical control solutions to increase safety and capability.
Below are some further details on the role. At the bottom of the page is where you can apply.
The Senior Security Analyst/Team Lead leads and manages the Security Operation Center (SOC). Oversees the application of analytic and technical skills to achieve the monitoring of network security resources. Oversees the investigation and resolution of security incidents and the identification of malicious activity. Supervises and ensures the coordination of incident response.
Reports to: SVP Information and Assurance
Role: Security Analyst Team Lead (SOC)
Location: Bournemouth/ Marlow (would need to spend 2 days in Bournemouth)
The Senior Security Analyst/Team Lead will lead, manage, and oversee the conduct of advanced network threat detection and analysis of security events identified by SIEM engines, signatures triggered by IPS/IDS, firewalls, syslogs, and endpoint security solutions, and/or escalated via ticket. They will oversee SOC analysts monitoring and parsing security data and netflow feeds, including inspection of correlated events and packet captures. They will supervise the integration of threat intelligence into the corporate network platform by SOC personnel. They will ensure the development, enhancement and implementation of detection and response capabilities, including creation of robust SIEM content, IDS rules, SOP documentation, and creation of incident response methodologies. This individual will be a key part of driving research and product development to help recommend new security tools to improve the current environment and will be expected to work in close coordination with the IT Services team. They will be expected to be able to communicate effectively, evenly, and intelligently via phone, email or ticket updates. And will b expected to remain an SME on cyber security issues through research of industry trends.
- Leads, manages, guides and oversees the SOC personnel review and correlation of intrusion detection and prevention event activities including:
- Detecting and blocking malicious network traffic
- Signature and correlation tuning
- False positive reduction
- TCP/IP analysis and manipulations
- Detecting and defeating counter-evasion strategies
- Detecting and eliminating various attack vectors
- Enacting email security techniques
- Engaging data recovery techniques
- Conducting analysis of Timestamp & File system
- Parsing of logs and log correlation
- Leads manages, guides and oversees SOC personnel, ensuring the determination of the cause, purpose and/or outcome of security events, and resolve activity events, to include guiding the conduct of:
- Analyzing packet captures
- Identification of malware and suspicious activity patterns in firewall, router, and server logs.
- Leveraging a knowledge of Windows OS, Linux OS, and VM to create minor shell scripts or VB/Access to support data extraction, correlation and discovery
- Integration of Managed Security Service Provider services into daily SOC functioning.
- Supervise the conduct of network and operating system forensics, including the maintenance of appropriate and verifiable chain of custody and evidence collection
- Leads, manages, and guides SOC personnel, ensuring the following:
- Reporting risks and security events related to malicious activity
- Coordinating and resolving security incidents through complex analysis and troubleshooting of security devices/solutions
- Escalating security incidents appropriately
- Inform on the change management process
- Technical expertise in Information and Network Security including:
- Administration of Carbon Black Endpoints, LogRhythm SEIM management, and Nexpose
- Certification in Ethical hacking.
- Understanding and command of the fundamentals of network routing, TCP/IP and Network Security and associated certification in in Security Management principles.
- 2+ years of SOC or MSSP experience with at least 1 year in an in-depth technical role
- 2+ years of SIEM experience – with knowledge of content creation (rules, alerts, etc.)
- Strong analytical and investigation skills
- Ability to communicate IT, networking, and security concepts to personnel at all levels of experience and responsibility
- Experience with automated incident response tools (Sysmon, Carbon Black, etc.), packet capture and analysis (tcpdump/windump, Wireshark, etc.) and host and network forensics
- Strong background with in-depth analysis of security events and the ability to triage security events
- Strong understanding of security architectures and devices, threat intelligence consumption and management, malware infections and proactive mitigation, data exfiltration techniques
- Track record of creative problem solving, and the desire to create and build new processes
- Strong time management and multitasking skills as well as attention to detail
- Experience working in fast paced environments, and ability manage workload even during times of stress or escalated activity
- Excellent oral and written communications skills
Skills: Information Security, Information Assurance, Cyber Security, analytic, analysis, CISA, ITIL, CCP, CLAS, CISSP, CESG, CPNI, HMG, MOD CISSP, SSCP, CISM, CRISC, CAP, CIA, QIAL, IIA, CHECK, Security architecture, giac, ec council, tiger, check, cisco, ceh, pen tester, penetration tester, system test, software test, TIGER, CREST, TCP, IP, SOC, NOC, SEIM, SIEM, analyst
Electus Recruitment Solutions provides specialist engineering and technical recruitment solutions to a number of high technology industries. We thank you for your interest in this vacancy. If you don't hear from us within 7 working days please presume your application has been unsuccessful on this occasion. You are of course free to resubmit your CV/details in the future and we shall assess your suitability at that time.
Due to the nature of work undertaken at our client's site, incumbents of these positions are required to meet special nationality rules and therefore these vacancies are only open to sole British Citizens. Applicants who meet this criteria will also be required to undergo security clearance vetting, if not already security cleared to a minimum SC level.
This is a Permanent position