Excellent opportunity for a Senior SOC Analyst to join a global leader and work within their (virtual) Security Operations Centre, which continues to grow both in terms of personnel and capability.
Reporting to the Lead SOC Analyst, you will respond to and investigate security alerts, ensure Indicators of Compromise (IOCs) are maintained, liaise with internal resolver groups and external customers in support of security investigations and contribute to the development of analysis playbooks and tradecraft by refining internal processes and procedures.
You will act as the Subject Matter Expert (SME) for various SOC tools, be proficient with the NIST four-step incident response model (preparation; detection and analysis; containment, eradication and recovery; post-incident activity) and assist in the creation of metrics that inform the senior leadership team of security events and incidents.

Responsibilities
- Conduct in-depth triage and investigation of security queries, events and potential incidents.
- Responsible for interrogating the Security Information and Event Management (SIEM) tool for threats, vulnerabilities and IOCs.
- Responsible for responding to suspected and confirmed security incidents, investigating these to conclusion with the available tools and resources, while taking appropriate actions to minimise the impact.
- Responsible for conducting limited malware analysis through the use of malware sandbox tools.
- Support the Lead SOC analyst in implementing improvements to the current SOC processes and playbook.
- Support the development of other SOC analysts, and act as a point of escalation during incident investigations.
- Support the Lead SOC analyst and Head of Information Assurance and Security Compliance to improve incident reporting metrics.
- Promote a holistic view of security by supporting other resolver groups (technical and non-technical) allowing the business to operate with confidence.
- Promote the improvement of current tools in use by the SOC by proposing new content development, configuration enhancements, and identifying any deficiencies.
- Demonstrable passion for the subject with a desire for personal professional development.
- Experience working in a Security Operations Centre, ideally with prior experience at a senior analyst level.
- Professional intrusion detection/analysis certification (e.g. GIAC GCFA, GCIA, CREST CRIA, CCHIA).
- Demonstrable experience in the use of SIEM, endpoint analysis, and network analysis tools.
- In-depth knowledge of common network protocols and of Microsoft and Linux based operating systems.
- Knowledge of the Diamond Model of Intrusion Analysis, the MITRE ATT&CK framework and NIST SP 800-61.
- Strong communication skills (oral, presentational, technical and written).
- 25 days holiday + statutory public holidays
- Contributory Pension Scheme (up to 10.5% company contribution)
- 6 times salary 'Life Assurance'
- Flexible Benefits scheme with extensive salary sacrifice schemes
- Enhanced sick pay scheme
This role will be on a WFH basis in the short-term and a blend of WFH and office working longer term.
This job was originally posted at www.totaljobs.com/job/90797197