You will be responsible for handling security incidents received or escalated from the SOC Analysts (Tier 1 or Tier 2) and for performing a business impact analysis on each security incident. Leveraging a deep understanding of information security technologies, you will aid in triaging threat intelligence from multiple sources, add contextual information to the security incident, perform additional analysis and, based on the business impact, recommend the response actions and escalation path. You may close, hold, return, or escalate security incidents based on the business impact. The post holder also provides input on the mitigation and remediation response actions, including escalating the security incident to the SOC Lead.
You will coordinate mitigation, response and investigation efforts when security incidents arise. You will determine and suggest containment, eradication and recovery actions to respond and remediate in a timely manner, and keep monitoring the resolver groups for efficient turnaround times. You will be required to participate in Incident Management team sessions (table-top exercises) and to provide support and feedback to the SOC Analysts to improve their efficiency and know-how; you will offer subject matter expertise to the SOC team.
Guided by threat intelligence (actionable information such as IOCs and TTPs), you will conduct threat hunting activities, leveraging and analysing the sources of information available through the SIEM. You will identify and investigate potentially suspicious activity and help organisations identify, isolate and contain security issues.
As a Principal SOC Analyst, you will be the technical lead within the team. You will be responsible for asset discovery and report reviews, employing advanced threat intelligence techniques to identify cyber threats, conducting vulnerability assessments and finding vulnerable entry points, and providing recommendations on ways to optimise our security monitoring tools. As a team we’re always looking to raise the bar, learn new things and incorporate new technologies, and you will too! You’ll share your knowledge as a technical subject matter expert with the team.
- Oversee completion of day-to-day checklist(s), including log review, management report scheduling and running, alert analysis, and escalation follow-up activity status.
- Remain current on cyber security trends and intelligence (open-source and commercial) in order to guide the security analysis & identification capabilities of the SOC team.
- Provide oversight and guidance to junior analysts and fulfil SOC Manager responsibilities in the absence of the SOC Manager.
- Perform advanced event and incident analysis, including baseline establishment and trend analysis.
- Provide timely advice and guidance on the response action plans for events and incidents based on incident type and severity.
- Identify training needs and build a training development plan for the junior analysts, for presentation to the management team.
- Ensure that all identified events are promptly validated and thoroughly investigated.
- When necessary, and with the SOC Manager’s approval, devise and document new procedures.
- Identify opportunities for SOC and client system tuning.
- Stakeholder and client reporting.
- Oversee documentation owned by the SOC team including but not limited to Standard Operating Procedures (SOPs) and Operational Level Agreements (OLAs).
- Document and report changes, trends and implications concerning the design and integration of evolving systems and solutions.
- Improve and develop new content based on observed and measured SOC activity.
- Manage incidents up to the preliminary forensics processes.
To be epic at the role you will have:
- Ability to lead and conduct investigations and report findings to leadership.
- Knowledge of:
  - cyber threats and vulnerabilities.
  - adversarial tactics, techniques, and procedures.
  - incident response and handling methodologies.
  - risk management processes (e.g., methods for assessing and mitigating risk).
  - threat hunting techniques, tools and operational procedures.
  - IT architecture and operations (computing, network, storage and cloud).
  - computer networking concepts and protocols, and network security methodologies.
  - responding to regulatory requirements.
- Familiarity with the MITRE ATT&CK framework.
- Ability to deliver under pressure and prioritise and multi-task effectively.
- Experience and ability to develop the service, including writing scenarios and injects and coordinating tests.
- Customer focused and a strong verbal and written communicator.
- Strong interpersonal and communication skills with the ability to lead and work as part of a team.
- Team-oriented approach, skilled in working within a collaborative environment.
- Knowledge and practical experience in:
  - SIEM, network IDS/IDP, endpoint EDR.
- Experience in the following technologies:
  - Splunk, Splunk ES, Palo Alto Panorama, WildFire, Azure Security Centre, Tenable SC.
  - Email protection, IR workflow and automation, and vulnerability assessment.
- Ability to analyse log files, packets and other security tool records for a diverse variety of systems.
- Understanding of how virtualisation, operating systems, middleware, software development engineering and network protocols function.
- Knowledge of security policy and technical standard development, and of multi-tiered trust zone structures.
- Understanding of the behaviour and capabilities of malware, rootkits, etc.
Education & Preferred Qualifications
- Minimum of 3-5 years’ experience working in a SOC or incident response environment, threat hunting, forensics or similar role OR BSc in Cyber Security, Information Systems, Information Technology, or Computer Science (preferred)
- Security certifications: any CREST certification, any SANS certification (GCIH preferred), OSCP, Security+.
- Scripting experience: Python, PowerShell, etc.
The group is a community of 130+ passionate people united by one overall mission... to make the world safer, one business at a time. We are the "one-stop shop" for all things cyber and are working to build a centre of excellence for our customers by building an amazing place to work, learn and develop for our people.
We work with a diverse range of clients, including large governmental departments as well as other public sector organisations and businesses within the private sector. We're growing our business and our team through continuous investment in developing technology and cyber capability; we aim to deliver innovation to our customers as fast as possible. Whether it's AI-driven, ML-based threat intelligence or rapid-start hybrid cloud, our goal is to implement solutions that make us stand out in the market.