• Analysis and investigation of alerts arising from Security Information and Event Management tools
• General day to day maintenance of the SIEM technology stack, including refinement of rules, alerts and reports arising from both traditional SIEM and Next Gen User Behaviour Analytics (UBA) tools
• Full ownership of the Security Incident management process, including customer notification, severity-based prioritisation, investigation, regular customer updates, identification of remedial actions, reporting and closure
• Using SIEM and UBA tools to track and analyse events and abnormal user behaviours in order to identify and understand potential breaches, malware and other malicious activities
• Using Threat Intelligence Services to identify both known and potential new threats and develop new mitigations
• Working with customer security teams to detect, contain and eradicate threats
• Basic programming
• Scripting
• IT expertise
• Linux experience
• Good understanding of wider IT and security related toolsets such as firewalls, endpoint and Active Directory
• Works independently
• Works collaboratively within a team
• Has a passion for Security
• Enjoys solving problems
• Is naturally inquisitive
• Understands the phases of security incident response and the Cyber Kill Chain
• Has a passion for learning to better themselves and the SOC Team
• Has the desire to use their skills in ways which can improve the function of the SOC Team, e.g. improve documentation and process workflows
• Enjoys research into emerging threats in the cyber security landscape and identifying and analysing real-world threats
• Enjoys attending Security events and is committed to the continual development of themselves and the wider team
Working hours: Our SOC operates 24/7/365. This role follows a dedicated shift pattern, where the SOC Analyst will work:
• 4 days from 8am to 8pm (12 hour shift)
• 4 days/nights off
• 4 nights from 8pm to 8am (12 hour shift)
• 4 days/nights off
This vacancy is closed and is no longer taking applications