Senior SOC Analyst at IT Lab, Manchester
This is a fantastic opportunity for a 2nd line SOC Analyst to join our growing Security Operations Centre.
You will primarily handle security events of interest that have been triaged and escalated by Tier 1 Security Analysts within the team. You will use the tools and resources provided to correlate suspicious events, providing context around each event and an assessment of the risk/threat.
Working as part of the SOC team, you will be responsible for the continuous monitoring of customer environments via SIEM, IDS and vulnerability assessment solutions. You will be required to interpret events from enterprise systems such as AV, IDS/IPS, EDR, FIM, Event Logs, Web and Mail Gateways, as well as Firewalls and other Network Infrastructure.
As a Senior Analyst you must possess the appropriate experience to make “next step” recommendations to customers when reporting incidents to them, providing not only context around the incident but also advice and suggestions on mitigations or investigative leads, thereby acting in a light CERT or Incident Response capacity.
You will be responsible for the development of IT Lab’s SIEM solution, providing design and tuning suggestions on alarm and rule development, testing alarms within pre-production environments and validating alarms before they are activated on customer environments.
Duties and Responsibilities:
- Point of escalation on an on-call rota basis
- Training and mentoring of junior members of the SOC team
- Assisting in the definition of analysis procedures and protocols
- Responsible for the completeness and timeliness of all security incident related reporting against contract constraints and SLAs
- Seek and create opportunities to understand, contribute and support strategic SOC related initiatives
- Help develop incident response run books and formalise internal processes
- Oversee and review the monthly reports before being released to clients
- Coordinate or participate in individual or team projects
- Attendance at the internal SOC bi-weekly briefing
- Deploying & configuring SIEM & EDR systems in client environments
- Investigating client malicious incidents and providing a full report on findings
- Analysing log data from various sources
- Conduct research and assessments of security events, providing analysis of firewall, IDS, anti-virus and other network sensor produced events, to feed into SOC reporting activities and improvements
- Monitor threat and vulnerability news services for any relevant information that may impact installed infrastructure. Analyse reports to understand threat campaign techniques and lateral movement, and extract indicators of compromise
- Write, modify and fine-tune SIEM rulesets for improved alerting and a reduction in false positives
- Participate in compliance/vulnerability assessment scanning, and develop mitigation and remediation plans from the assessment findings
- Document information security operations policies, processes and procedures. Create and update security event investigation notes on open incidents, and maintain case data in the incident response management platform.
- Forensic investigations of host-based systems and memory image analysis
Required knowledge and experience:
- Highly skilled in the system administration of multiple operating systems with a clear technical understanding (Windows, Linux, VM platforms)
- Full understanding of SIEM systems and other cybersecurity technologies: AlienVault, Splunk, Endpoint Detection & Response tools, Antivirus systems, Firewalls, IDS/IPS technologies, Forensic tools and open source tools
- Conversant with security best practices (including ISO27001) and relevant security legislation
- Must hold one or more relevant cybersecurity certification(s) (e.g. CISSP, GCIH, GMON, GCIA, GCWN, GCDA, GDAT, FOR500, FOR508, FOR578, CREST Registered Intrusion Analyst (CRIA), CREST Certified Network Intrusion Analyst (CC NIA), CREST Certified Host Intrusion Analyst (CC HIA))
- A wide awareness of Cyber Security and the Cyber Threat Landscape; further knowledge of Open Source Intelligence, Network Forensics and Malware Analysis would be beneficial
- A thorough understanding of internet communications protocols and in-depth packet analysis, including knowledge of how these protocols are commonly secured and exploited.
- An understanding of multiple operating systems and their programming interfaces such as UNIX Shell and PowerShell
- An in-depth knowledge of log formats, log transports and log analysis as well as automating log ingestion and normalisation in a SOC environment
- Experience using security tools such as vulnerability scanners, IDS/IPS, SIEM, Metasploit and Kali
- An understanding of threat analysis, threat hunting and intelligence feeds
- An understanding of how to use forensic capture tools and techniques, and experience of analysing host-based forensic images and performing memory analysis with Volatility
- You can understand customer’s needs and deliver appropriate services
- You are a self-starter and keen to develop new services
- You can collaborate effectively within a team environment
- You have good communication skills
- You are keen to develop personally and help others do the same
- Excellent investigative skills, insatiable curiosity, and an innate drive to win
- Instinctive and creative, with an ability to think like the enemy
- Strong problem-solving and troubleshooting skills
- Deep knowledge of hacker culture
Package and Logistics:
- Package dependent upon experience
- 22 days’ annual leave
- Offices located in Swinton, Manchester
- Pension, healthcare (a whole array of benefits)
- 37.5 hours a week during standard business hours (Monday – Friday, 9am – 5.30pm)
Good luck. Please bear in mind that we receive a very high number of applications; we will endeavour to get back to all applicants, but we thank you for understanding that this is not always possible for unsuccessful applicants.
IT Lab is an equal opportunities employer and is committed to attracting and retaining the best talent.