Join our 24x7 SOC team providing real time Threat Monitoring, Detection and Response services
- To be a key member of the 24×7 SOC and to provide real time Threat Monitoring, Detection and Response services.
- Providing situational security awareness by combining information from a variety of systems and normalizing / correlating the information.
- Identifying suspicious and / or anomalous activities and taking appropriate action based on documented processes and procedures.
- Checking system vulnerabilities and recommending remedial action to be taken.
- Performing analysis of log files.
- Threat Hunting.
- Assisting Customers with security related issues.
- Managing security incidents through all phases of the incident response lifecycle from identification through to closure.
- Undertaking monitoring system break / fix activity and escalating to on-call engineering teams where appropriate.
- Providing prompt and comprehensive client reporting, ensuring that all events and alerts of note are raised in relevant reports and comprehensive and helpful commentary is provided for clients.
- Coordinating, where applicable, with supporting third party security service vendors to triage alerts, events or incidents
- Analyzing security reports to identify trends and working with leadership to develop strategies to drive secure behaviours throughout the business
- Supporting and participating in weekly security operations calls
- Reporting progress and escalating in a timely manner to the Security Operations Manager
- Maintaining dashboards for management reporting and producing input to team updates
- Carrying out all activities in line with SOC policies and SOC procedures.
- Undertaking local reporting of issues into the SOC log and providing effective internal communication and handover to oncoming shift personnel.
- Continuously seeking to identify potential service / tool improvements which will enhance the delivered services.
- 2+ years of experience as SOC Analyst.
- Experience with leading SIEM solutions such as Microsoft Sentinel, Splunk, RSA Netwitness, Google Chronicle.
- Understanding of possible attack activities (e.g., network probing/ scanning, Denial-of-service attack (DDOS), malicious code activity, etc.), would be advantageous.
- Experience in developing and maintaining SOC playbooks
- Knowledge of Unix/Linux/Windows Administration and Logging, would be advantageous
- Candidate must possess strong communication skills, Self-starter and able to work independently, while also able to share responsibilities, ideas and other information
To apply for this job email your details to firstname.lastname@example.org