SOC Analyst

About The Role

Position Summary

SOC Analysts have responsibility for leading incident response efforts, monitoring security events, analysing logs and data for threats, providing proactive threat intelligence, managing security tools, mentoring shift leads, preparing comprehensive incident reports, conducting security assessments, coordinating incident handling, promoting security awareness, and driving continuous improvement within the SOC. The role is crucial in protecting the organisation and enhancing security operations to mitigate risks effectively.

Objectives and Key Results

The key objectives will be to:

• Be responsible for incident analysis, classification and response actions including notification and alerting.
• Monitor for possible security incidents, using knowledge of attack types and standard protocol behaviour to classify incidents, comment, and provide advice on mitigation or remedial actions to clients.
• Work with other SOC analysts, the Shift Lead, Senior SOC Analysts and the SOC Team Lead on any delegated tasks. This may include mentorship, rule tuning, threat hunting, reports and service improvements.
• Conduct incident triage on new tickets in line with established triage SLAs.
• Raise incidents to customers as appropriate, in line with established notification SLAs.
• Escalate incidents to a Level 1 SOC Analyst or Shift Lead as appropriate.

Including, for suitably experienced candidates:

• Be the point of escalation for Junior analysts.
• Assist with the training and further development of Junior analysts.
• Conduct threat hunting activity.
• Contribute to rule tuning/suppression/baselining activity as appropriate.
• Assist with monthly reporting and service review preparation as required.
• Support service improvement projects as required by Shift Lead or Level 2 analysts.

Teams to collaborate with

• Customer Experience and Managed Services - ensure we are consistently providing the best service to our customers, proactively monitoring their needs, and integrating their feedback into our future portfolio and propositions
• Engineering - ensure that customer onboarding and on-going tuning is carried out effectively, including reporting any technical issues with live services
• Security Optimisation - contribute to reporting and service reviews for customers, including identifying opportunities to improve the service we are delivering to customers

About You

Behavioural Competencies - Organisational and Behavioural

• Ability to multi-task, prioritise, and manage time effectively
• Strong attention to detail and intellectually curious
• Excellent interpersonal skills and professional demeanour
• Excellent verbal and written communication skills
• Excellent customer service skills
• Proficient in Microsoft Office applications
• Candidate must be eligible to obtain Security Clearance

Critical competencies - Technical

• Bachelor's degree in a related field or equivalent demonstrated experience and knowledge
• 1-3 years' experience as a Security/Network Administrator or equivalent knowledge
• Knowledge of various security methodologies and processes, and technical security solutions (firewall, SIEM and intrusion detection/prevention systems, vulnerability scanners, etc.)
• Knowledge of TCP/IP Protocols, network analysis, and network/security applications; and a good background with network troubleshooting and technologies; Firewall configuration, monitoring, network packet capture (tcpdump/Wireshark), etc.
• Excellent understanding of commonly used Internet protocols such as SMTP, HTTP, and DNS
• Incident Response: Strong knowledge and experience in handling security incidents, including identifying, analysing, and responding to security events in real-time
• Intrusion Detection and Prevention Systems (IDS/IPS): Familiarity with IDS/IPS technologies, their configuration, and their use in monitoring and protecting networks from potential threats
• Threat Intelligence: Understanding of threat intelligence feeds and their application in identifying and mitigating potential threats, as well as the ability to leverage threat intelligence platforms effectively
• Malware Analysis: Familiarity with basic malware analysis techniques, such as static and dynamic analysis, to identify and understand the behaviour of malicious software
• Vulnerability Management: Experience with vulnerability scanning tools, knowledge of common vulnerabilities and exposures (CVEs), and the ability to prioritise and remediate vulnerabilities effectively
• Endpoint Security: Understanding of endpoint protection technologies (antivirus, host-based intrusion detection systems, etc.) and the ability to monitor and respond to security events on endpoints
• Secure Network Architecture: Knowledge of secure network design principles, including segmentation, DMZ, VPNs, and network access controls
• Threat Hunting: Ability to proactively search for signs of potential threats or security breaches within the network environment using various techniques and tools
• Cloud Security: Understanding of cloud security concepts, including secure configuration, identity and access management (IAM), and monitoring of cloud environments
• Security Standards and Frameworks: Familiarity with industry security standards and frameworks such as NIST Cybersecurity Framework, ISO 27001, and CIS Controls

In addition, the following are highly desirable:

• Cyber Security Training Certifications, including:

• SANS

• CREST

• COMPTIA Network+, Linux+, Security+, CySA+

• Microsoft Azure Fundamentals (AZ-900) and Security Operations Analyst (SC-200)

• AWS Certified Cloud Practitioner

• Blue Team Level 1

• Experience of ticketing systems to manage communication with customers

• Understanding of performing 1st level analysis and interpretation of information from SOC systems; incident identification/analysis, escalation procedures, and reduction of false-positives