This major professional services client is looking for a Lead Security Operations Analyst (SOC) to join their Internal Security Operations team.
This Secuirty Operations Analyst opening is a key role working with external MSSPs to monitor, analyse, report and cyber security threats and respond accordingly. You will also work with the different internal business capabilities to ensure that security monitoring service is embedded into their systems.
Key Responsibilities
- Act as an escalation point for other security analysts in the SOC, including 3rd party MSSP and co-ordinate the SOC team response.
- Proactively monitor the network security sensors ensuring timely detection, investigation and remediation of potential threats.
- Use the advanced security analytics toolsets to monitor for emerging threat patterns and vulnerabilities, attempted or successful breaches
- Triage and manage incidents, events and queries.
- You will be part of on-call rota for SOC and required to be on-call for one week at a time during a month.
What will you need to do it?
- Prior experience working in a Security Operations Centre or Security Monitoring Team.
- Hands on SIEM and EDR tooling experience such as MS Sentinel, Defender Suite etc...
- Experience in end-to-end information security incident management and mitigating and addressing threat vectors including Advanced Persistent Threat (APTs), Distributed Denial of Service (DDoS), Phishing, Malicious Payloads, Malware, etc
- Experience with Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Web Application, Firewalls, Firewall logs, systems logs, web logs, application logs and Security Information and Event Management (SIEM) systems
- Experience in search query languages such as KQL, OSquery or SPL
- Solid experience of working in Cloud environments such as AWS, Azure, & GCP
- Experience with building threat-based Use Cases using frameworks such as MITRE ATT&CK
- Skills they'd love to see/Amazing Extras:
- Information Security and/or Information Technology industry certification (CISSP, SANS GIAC, SC-200, AZ-500 or equivalent)
- Current SC Clearance or be SC Clearable
This role has come about through internal promotions and is an exciting opportunity to join a major global client. As a reward for your expertise you will receive a comprehensive package of remuneration and on going training to develop your technical expertise and long term career aspirations.
Carbon60, Lorien & SRG - The Impellam Group STEM Portfolio are acting as an Employment Business in relation to this vacancy.