Naukrijobs UK
Job Location: Risley, Warrington
Education: Not Mentioned
Salary: 65,000 - 75,000 per annum, negotiable, inc benefit
Industry: Not Mentioned
Functional Area: Not Mentioned
Job Type: Permanent, full-time, Work from home

Job Description

Cyber Security Analyst (Third Line SOC - Team Lead)
Employment Type - Full Time
Warrington - Remote First - WA3 6AX

*Security clearance is needed for this role, so you should have active SC clearance or be willing to undergo the clearance process.*

A global leader in the IT solutions space is currently seeking the expertise of a 3rd Line SOC Engineer / Team Lead to join its growing ATC (Advanced Threat Centre), based in Warrington. The business boasts a proud heritage in Japanese innovation and sustainability and has successfully operated as a key player across the UK's IT landscape for the past 50 years, delivering critical digital solutions and services into almost every major industry sector today.

Working as part of the wider SOC/ATC, you'll ensure swift and proactive measures are implemented to mitigate imminent cyber threats and provide comprehensive threat protection and intelligence services for up to 15 customers across the UK.

As technical/team lead, you'll help to bridge the gap between 1st, 2nd and 3rd Line teams by improving processes and communication streams, upskilling junior team members and providing transparent and reliable support across the SOC. On a day-to-day basis, you'll monitor SIEM toolsets for alarms and events as well as suspicious activity across a broad range of dashboards to spot trends and initiate remediation processes in the event of a positive detection.

Responsibilities:

  • Responsible for 3rd line SOC operations, monitoring and threat hunting.
  • Investigation of threats such as the recent Log4j vulnerability.
  • Hypothesising threat hunt scenarios - enacting these with ad hoc searches and rule creation. Documenting these on DevOps repositories to allow SOC analysts to perform follow up hunts.
  • Creating content for SIEM use cases and rules correlation to aid detection and reduce dwell time of an adversary in the customer network by analysing logs from multiple vendor equipment.
  • Creating use cases to correspond with all areas of MITRE ATT&CK framework.
  • Constantly reviewing intel sources (OSINT and paid) for IOCs and researching TTPs of APT groups to build complex threat hunting queries based on customer sector.
  • Provide incident response teams with relevant logs to aid forensic investigations.
  • Behavioural analytics monitoring and rule creation.
  • Creating lists from OSINT sources of C2 and other adversarial IP to augment protection.
  • Designing TTP based use cases to detect APT activity such as PowerShell and associated sub processes.
  • SIEM alarm tuning.
  • Mentorship of junior analysts to help them look beyond the alert.
Required Experience:
  • Experience with SIEM Technologies & EDR Tools:
    - Sentinel
    - Windows Defender
    - Logic Apps
    - O365 Security Stack
  • Previous experience working with a Managed Service Provider
  • Strong Security background and previous experience working in a SOC environment
  • Expert knowledge on KQL used for Sentinel Analytics Rules, Advanced Threat Hunting and Workbooks.
  • Azure, including Azure Monitor, Log Analytics Workspace and Azure Security.
  • Microsoft Security Solutions
  • Lead on the implementation of monitoring best practice and response
  • Experience in incident/threat response
  • Ability to document and explain technical details clearly and concisely both written and verbally
  • Experience of and ability to coach and mentor 1st and 2nd line security analysts
Highly Desirable Experience:
  • KAPE, X-Ways & Velociraptor experience
Benefits Package:
  • Base Salary: £65,000 - £75,000
  • Annual Bonus of 5%
  • Pension - 10% Double matching contributions
  • Health & Wellbeing: Private Medical/Dental Cover
  • Annual Leave: 25 days plus Public Holidays + Buy and Sell up to 10 days
  • Life Assurance: 2 x salary life assurance
  • Excellent Career Development: Training & Certifications - Learning Budget
If you're interested in putting an application forward, then please apply below or contact us directly.

Contact: ------------------------ (Third Line SOC - Team Lead) Cyber Security Analyst

Key skills:
Crest, Firewalls, IDS, Sentinel, 2nd Line, EDR, SIEM, SOAR, TTP, Azure, 3rd line, Anti Virus, SOC, Security Operations Centre, Defender, Dark Web, Threat Hunting, Dynamic Malware Analysis, LogRhythm, O365, Cyber Threat Intelligence

© 2019 Naukrijobs All Rights Reserved