Role Description

SOC Analyst at IT Lab, Manchester

Company Background

At IT Lab, we help customers to navigate the changing world of technology. We are taking on new and exciting challenges specifically targeted at helping our clients deal with an ever-changing cyber threat. If you want to help UK businesses be more secure, join us in expanding our security operations centre (SOC).

The cyber team has grown rapidly over the past 12 months, including the acquisition of an expert and highly accredited Penetration Testing and Security Consultancy capability. IT Lab Cyber has an integrated set of capabilities that can provide services to customers across the cyber security life cycle. As a managed security services provider, with a strong technical testing and consultancy core, we can offer advice, operations and remediation in tandem with the wider technology services operations that are carried out by IT Lab. We are looking for ambitious individuals to join the team and help to secure our customers and keep malicious actors at bay. 

IT Lab is a successful, ambitious and rapidly growing organisation: backed by ECI Partners in 2016, we are funded for organic and acquisitive growth and the cyber team is an important strategic part of this growth. We deliver a valuable set of strategic and innovative cyber services that are highly relevant to IT Lab’s customers and which complement the other services that the firm offers. 

The Role

The SOC Analyst role is part of the SOC and sits within the Cyber Services Department of IT Lab. You will be joining an exciting and growing part of the business, working in a dynamic environment. The team is responsible for the cyber security of both IT Lab's internal environment and client environments.

The role would suit an experienced analyst who has previously worked in a SOC environment. There is no fixed technology stack that you will need to be an expert in, as many skills are transferable; however, you will need to be analytical by nature, have a desire to work hard, be keen to learn new technology and be adaptable to new and challenging situations.

Duties and Responsibilities: 

  • Analyse, triage and respond to security events, alarms and escalations as required, acting as the first-line security event analyst monitoring the Security Information and Event Management (SIEM) system. Monitor the alarm dashboard, provide an initial analysis of event data and network traffic, and make security event determinations on alarm severity, escalation and response routing.
  • Recommend changes to enhance systems security and prevent unauthorized access to IT Lab and Client systems.
  • Conduct research and assessments of security events, providing analysis of events produced by firewalls, IDS, anti-virus and other network sensors, to feed into SOC reporting activities and improvements.
  • Monitor threat and vulnerability news services for any relevant information that may impact installed infrastructure. Analyse reports to understand the techniques and lateral movement used in threat campaigns, and extract indicators of compromise (IOCs).
  • Write, modify and fine-tune SIEM rulesets to improve alerting and reduce false positives.
  • Analyse log data from various sources.
  • Participate in compliance/vulnerability assessment scanning, and develop mitigation and remediation plans from the assessment findings
  • Document information security operations policies, processes and procedures. Create and update security event investigation notes on open incidents, and maintain case data in the incident response management platform.
  • Provide input, as requested, for Security, Risk, Compliance and Service reporting
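To make the first-line triage, rule-tuning and IOC-extraction duties above concrete, here is an added example (not IT Lab's code or tooling) of the kind of logic a SIEM correlation rule or analyst script encodes. It parses constructed OpenSSH authentication log lines, aggregates failures per source address, applies a tuned allowlist to suppress a known false positive, assigns a severity and response routing to each alarm, and extracts the external sources as IOCs. The failure threshold, the internal and allowlisted networks (an assumed scanner subnet, 10.10.9.0/24) and every log line are assumptions made for illustration.

```python
"""Added example: first-line triage of SSH authentication events (not IT Lab code)."""
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample events in OpenSSH syslog format. Addresses are RFC 5737
# documentation ranges and RFC 1918 space, not real hosts.
SAMPLE_LOG = """\
Mar 12 09:14:01 web01 sshd[2201]: Failed password for root from 203.0.113.45 port 51022 ssh2
Mar 12 09:14:03 web01 sshd[2201]: Failed password for root from 203.0.113.45 port 51023 ssh2
Mar 12 09:14:05 web01 sshd[2201]: Failed password for admin from 203.0.113.45 port 51024 ssh2
Mar 12 09:14:07 web01 sshd[2201]: Failed password for invalid user admin1 from 203.0.113.45 port 51025 ssh2
Mar 12 09:14:09 web01 sshd[2201]: Failed password for oracle from 203.0.113.45 port 51026 ssh2
Mar 12 09:14:12 web01 sshd[2201]: Accepted password for oracle from 203.0.113.45 port 51027 ssh2
Mar 12 09:20:31 web01 sshd[2310]: Failed password for jsmith from 10.10.5.20 port 40011 ssh2
Mar 12 09:20:33 web01 sshd[2310]: Failed password for jsmith from 10.10.5.20 port 40012 ssh2
Mar 12 09:20:40 web01 sshd[2310]: Accepted password for jsmith from 10.10.5.20 port 40013 ssh2
Mar 12 09:25:00 web01 sshd[2350]: Failed password for root from 10.10.9.5 port 6001 ssh2
Mar 12 09:25:01 web01 sshd[2350]: Failed password for root from 10.10.9.5 port 6002 ssh2
Mar 12 09:25:02 web01 sshd[2350]: Failed password for admin from 10.10.9.5 port 6003 ssh2
Mar 12 09:25:03 web01 sshd[2350]: Failed password for admin from 10.10.9.5 port 6004 ssh2
Mar 12 09:25:04 web01 sshd[2350]: Failed password for oracle from 10.10.9.5 port 6005 ssh2
Mar 12 09:30:00 web01 sshd[2400]: Failed password for invalid user test from 198.51.100.7 port 33001 ssh2
Mar 12 09:31:00 web01 sshd[2401]: Failed password for root from 192.0.2.200 port 33002 ssh2
Mar 12 09:31:01 web01 sshd[2401]: Failed password for root from 192.0.2.200 port 33003 ssh2
Mar 12 09:31:02 web01 sshd[2401]: Failed password for root from 192.0.2.200 port 33004 ssh2
Mar 12 09:31:03 web01 sshd[2401]: Failed password for root from 192.0.2.200 port 33005 ssh2
Mar 12 09:31:04 web01 sshd[2401]: Failed password for root from 192.0.2.200 port 33006 ssh2
"""

# One regex for both "Failed" and "Accepted" outcomes; "invalid user" is optional.
EVENT_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>(?:\d{1,3}\.){3}\d{1,3}) port \d+ ssh2$"
)

INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Tuned-out source: an assumed internal vulnerability-scanner subnet (example only).
ALLOWLIST_NETS = [ip_network("10.10.9.0/24")]
FAIL_THRESHOLD = 5  # failures from one source before it counts as brute force (assumed)


def in_nets(addr, nets):
    a = ip_address(addr)
    return any(a in n for n in nets)


def parse_events(text):
    """Parse raw syslog lines into dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def triage(events, threshold=FAIL_THRESHOLD):
    """Aggregate per source address and return alarms with severity and routing."""
    per_src = defaultdict(lambda: {"failed": 0, "users": set(), "success_after_fail": False})
    for ev in events:
        stats = per_src[ev["src"]]
        if ev["outcome"] == "Failed":
            stats["failed"] += 1
            stats["users"].add(ev["user"])
        elif stats["failed"] > 0:
            # A success following failures from the same source: possibly a guessed password.
            stats["success_after_fail"] = True

    alarms = []
    for src, s in sorted(per_src.items()):
        brute = s["failed"] >= threshold
        external = not in_nets(src, INTERNAL_NETS)
        if brute and s["success_after_fail"]:
            sev, route = "high", "escalate"        # brute force that succeeded: never suppressed
        elif brute and in_nets(src, ALLOWLIST_NETS):
            sev, route = "info", "suppress"        # known scanner: tuned out as a false positive
        elif brute or (external and s["success_after_fail"]):
            sev, route = "medium", "investigate"
        else:
            continue                               # e.g. an internal user mistyping a password
        alarms.append({"src": src, "failed": s["failed"], "users": sorted(s["users"]),
                       "severity": sev, "route": route})
    return alarms


def extract_iocs(alarms):
    """Source addresses worth recording as IOCs: alarms that are neither suppressed nor internal."""
    return sorted(a["src"] for a in alarms
                  if a["route"] != "suppress" and not in_nets(a["src"], INTERNAL_NETS))


if __name__ == "__main__":
    found = triage(parse_events(SAMPLE_LOG))
    for a in found:
        print(f'{a["severity"]:<6} {a["route"]:<11} {a["src"]:<15} failed={a["failed"]} users={a["users"]}')
    print("IOCs:", extract_iocs(found))
```

The point of the allowlist branch is that it only ever downgrades the plain brute-force case: a burst of failures followed by a successful login is escalated regardless of where it came from, so tuning out the scanner subnet cannot hide a real compromise. On this sample the script raises a high alarm for 203.0.113.45, a medium one for 192.0.2.200, suppresses 10.10.9.5 and ignores the two mistyped internal passwords from 10.10.5.20.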

Required knowledge and experience:

  • Understanding of performing 1st level analysis and interpretation of information from SOC systems; incident identification/analysis, escalation procedures, and reduction of false-positives.
  • A university degree (or equivalent professional certifications) in Information/Cyber Security, Forensics or Computer Science, and related experience and/or training in IT security monitoring and analysis, cyber threat analysis and vulnerability analysis.
  • Knowledge of multiple operating systems and applicable system administration skills (Windows, Linux, VM platforms).
  • Experience using security tools such as vulnerability scanners, IDS/IPS, SIEM, Metasploit, etc.
  • Detailed understanding of TCP/IP and a good background in network troubleshooting and technologies: firewall configuration, monitoring, network packet capture (tcpdump/Wireshark), etc.
  • An understanding of threat analysis, threat hunting and intelligence feeds
  • Excellent understanding of commonly used Internet protocols such as SMTP, HTTP, and DNS.

Desirable knowledge and experience:

  • Host based forensics
  • Experience of coding in any of the following languages: JavaScript, Python, Perl, PHP, PowerShell, Bash, C# / VB .NET
  • Experience with SQL and/or defining database schemas
  • Experience in writing YARA or ClamAV signatures
  • Malware analysis and sandboxing
  • Experience in writing Regular Expressions

Location and environment

This role will be based in our office located in Lowry Mill, Swinton; however, you will work amongst a team split across the UK & South Africa.

We are a dynamic and fast-growing company that truly values, and relies upon, our people, our culture and our commitment to excellence, which we call Service Obsession. Being the best means having the best people, and getting the best people means being the best place to work.

We like to laugh, we like to do things together and among all the challenges of growing a fast-paced business, we endorse people being themselves, allowing them to focus on outcomes and substance rather than form. 

If you think you are a results-oriented, positive self-starter, then the Lab is the place for you.

Package and Logistics

  • Package dependent on experience
  • 22 days’ annual leave
  • Offices located in Swinton, Manchester
  • Pension, healthcare (a whole array of benefits)
  • Working hours of 37.5 hours per week, between 9.00am – 5.30pm, Monday to Friday

Good luck. Please bear in mind that we receive a very high number of applications; we will endeavour to get back to all applicants, but we thank you for understanding that this is not always possible for unsuccessful applicants.

IT Lab is an equal opportunities employer and is committed to attracting and retaining the best talent.