About The Role
SOC Shift Lead Definition:
Managing a team of analysts on rotation covering the 24x7 operations of the SOC, the shift lead will manage the running of the shift, ensuring that work is prioritised and completed in line with the goals and objectives of the SOC. The shift lead will act as a mentor to the Junior and Tier 1 analysts encouraging training and development activities while maintaining service SLA's and triage of the security incidents, the shift lead will also be responsible for appropriate escalations in and out of hours to the Tier 2 analysts for additional support when analysing security incidents.
Essential duties & responsibilities
Responsible for working in a 24x7 Security Operation Centre (SOC) environment
Provide analysis and trending of security log data from a large number of heterogeneous security devices.
Provide Incident Response (IR) support when analysis confirms actionable incident.
Provide threat and vulnerability analysis as well as security advisory services
Analyze and respond to previously undisclosed software and hardware vulnerabilities
Investigate, document, and report on information security issues and emerging trends.
Coordinate with Intel analysts on open source activities impacting SLTT governments.
Integrate and share information with other analysts and other teams
Other duties as assigned
Recommend changes to enhance systems security and prevent unauthorized access client systems.
Conduct research and assessments of security events, providing analysis of firewall, IDS, anti-virus and other network sensor produced events, to feed in to SOC reporting activities and improvements.
Monitor threat & vulnerability news services for any relevant information that may impact installed infrastructure. Analyse reports to understand threat campaign techniques, lateral movements and extract indicators of compromise.
Participate in compliance/vulnerability assessment scanning, and develop mitigation and remediation plans from the assessment findings
Document information security operations policies, processes and procedures. Create and update security event investigation notes on open incidents and maintain case data in the incident response management platform.
Provide input, as requested, for Security, Risk, Compliance and Service reporting.In addition to the above, the SOC shift leader will be responsible for:
To ensure that handovers are carried out between shifts
To act as the point of escalation for the level 1 analysts and Juniors
To delegate tasks wherever necessary
To create and conduct service review presentations/reports and provide them to customers
To assist with reporting
To act as a mentor to level 1 analysts and Junior analysts
To report any team issues to the Team Lead so that resolutions can be quickly reached
To oversee any support tickets and to ensure that they are correctly handled and escalated/handed over as necessary
About The Candidate
Bachelor's degree in a related field or equivalent demonstrated experience and knowledge
1-3 years' experience as a Security/Network Administrator or equivalent knowledge
Knowledge of various security methodologies and processes, and technical security solutions (firewall, SIEM and intrusion detection/prevention systems, vulnerability scanners, etc.)
Knowledge of TCP/IP Protocols, network analysis, and network/security applications; and a good background with network troubleshooting and technologies; Firewall configuration, monitoring, network packet capture (tcpdump/wireshark), etc.
Excellent understanding of commonly used Internet protocols such as SMTP, HTTP, and DNS
Ability to multi-task, prioritize, and manage time effectively
Strong attention to detail
Excellent interpersonal skills and professional demeanour
Excellent verbal and written communication skills
Excellent customer service skills
Proficient in Microsoft Office Applications
Candidate must be eligible to obtain Security Clearance In addition, the following are highly desirable:
Cyber Security Training Certifications
Understanding of performing 1st level analysis and interpretation of information from SOC systems; incident identification/analysis, escalation procedures, and reduction of false-positives.
Knowledge of multiple operating systems and applicable system administration skills
An understanding of threat analysis, threat hunting and intelligence feeds
About The Company
- LeedsClaranet combine pioneering technologies, practices, and expertise to propel our customers ambitions. Through a vibrant customer centric culture of collaboration, learning, and opportunity, we nurture a dynamic community of the best technology and service expertise spanning cloud, cybersecurity, networks, and unified communications.
Founded in 1996, Claranet has evolved into a multi-disciplinary technology services provider with global reach. The company has annualised revenues of circa £400 million, over 6,500 customers, and more than 2,500 employees in nine countries. In the UK we have over 500 staff working in London, Gloucester, Warrington, Bristol, and Leeds, or as homeworkers.
Claranet consistently appears in The Sunday Times Top Track 250 as one of the fastest growing privately-owned businesses in the UK. Our international success is driven by local service, out of local offices, using a mixture of local and international infrastructure, including hyperscaler clouds.
Claranet Cyber Security is a world class business unit within Claranet, designed to give customers access to market-leading information security services spanning; training, consulting, and managed services.
Claranet is a dynamic company in the corporate IT sector that is growing both organically and through acquisition. Claranet's strategy is to build long-term, trusted relationships with its customers by delivering market-leading, integrated managed services.
This is a great opportunity for a SOC Analyst ideally experienced in AlienVault already in an Analyst or Consultant role and/or with demonstrable SIEM experience, to support the SOC services for a global technology company.
The SOC is responsible for the security analysis, incident classification and incident response actions including notification and alerting. Monitors for possible security incidents, using knowledge of attack types and standard protocol behaviour to classify incidents, comment, and provide advice on mitigation or remedial actions to the client.
Analyse, triage and respond to security events, alarms and escalations, acting as the 1st line security event analyst monitoring the Security Information and Event Management (SIEM) system. Providing an initial analysis of event data and network traffic, making security event determinations on alarm severity, escalation, and response routing.
We're working on building an ever-improving company based on openness, diversity, collaboration, and empathy as our core values, a company that aims to be inclusive for the diverse group of people we get to work with, and where everyone supports each other and celebrates successes together. We want our people to feel engaged, comfortable, and healthy-and to know that they can belong here, no matter their story or background. If this resonates with you, then come and join us