SOC Analyst / Engineer
Qualifications within the IT Security field are desirable though not essential; exposure to either ArcSight or LogRhythm is also desirable
Must be prepared to undergo SC and DV clearance
Salary: Up to £60,000 dependent on experience
We are looking to recruit a SOC Analyst on a permanent basis in the Malvern/Worcester area on behalf of a well-known organisation specialising in cyber security services for both defence and commercial customers.
Working as part of a team of analysts, you will specialise in proactively monitoring the business's high-profile IT estate, monitoring Security Information and Event Management (SIEM) systems and managing the associated incident response processes, undertaking security vulnerability management, and using threat intelligence alongside APT hunting tools to search for threats.
There are excellent opportunities for progression internally, with opportunities to move up the ladder into more senior roles and eventually management. In addition, you could look at a lateral move to other teams (e.g. Consultancy, Engineering, Architecture, Pre-Sales).
- Reporting directly to the shift Operations Lead, you will support the sustainability of the SOC's protective monitoring services
- Provide monitoring, alerting and incident handling services within the SOC
- Act as the initial analytical reference point for identifying and then quantifying the nature and extent of an attack, and offer initial professional advice on the likely business impact
- Advise on incident containment measures
- Provide advice on potential mitigation measures to prevent or limit future recurrence
- Develop and maintain a credible knowledge of current and emerging threats likely to affect the integrity of the managed service you are protecting
- Build a credible level of protective monitoring experience, and work towards a good working knowledge of the capabilities offered by each SIEM in use
Key Skills and Experience
- Security Monitoring tools and their use (e.g. SIEM, IDS/IPS, DLP).
- Familiarity with ArcSight or LogRhythm
- Vulnerability Management
- Perimeter and host security intrusion techniques.
- Network Protocols.
- Threat Intelligence
- Relevant GIAC or CREST qualifications (e.g. GCIH, GCIA, GREM, CCNIA).
- Incident Response experience (from a Consultancy or SOC environment)
- Big Data / Security Analytics / Threat Hunting experience.
- Maintain a keen understanding of evolving Internet threats to ensure the security of client networks
- Perform other essential duties as assigned
- In addition, a key role within the SOC is keeping abreast of evolving Cyber threats and identifying new and sophisticated methods of detecting them across a customer's IT estate.
- Experience of maintaining a secure network through configuring and managing typical security enforcing devices, such as firewalls, proxies and IDS/IPS devices. Knowledge of Snort
- Strong understanding of network monitoring and packet analysis tools
- Significant experience with TCP/IP, Linux, UNIX, Windows, IP Routing
- Software engineering, programming or scripting knowledge (e.g. Java, .NET)
Intrinsic Factors
- Working to tight deadlines
- A sound knowledge of IT security best practice, common attack types and detection / prevention methods
- Experience of analysing and interpreting system, security and application logs
- In-depth experience of network or security devices: routers, switches, hubs, firewalls, or SIEMs