Description
Venesky-Brown's client, a public sector organisation in Edinburgh, is currently looking to recruit a Lead SOC Engineer for an initial 6 month contract with the potential to extend - on a rate of £700-£800/day (inside of IR35). Due to the current circumstances this role will be remote based for the foreseeable future.
Responsibilities:
- Integrating existing security tooling into QRadar as appropriate (SEPM, SCEP, Illumio, CyberArk etc.)
- Tuning offenses to ensure appropriate prioritisation and visibility
- Defining playbooks to support the most critical alerts
- Defining appropriate security dashboards with supporting documentation
- Working with the appropriate IT team to remove false positives/network noise
- Developing incident response plans and working with customers to contain identified threats
- Working with the IT Security team and Infrastructure team to deliver automated actions through IBM Resilient where appropriate
- Lead on the integration of an automated incident response tool such as Splunk On-Call, OpsGenie etc
- Ensure the threat intelligence feed is integrated into the appropriate offenses with sufficient prioritisation
- Define and implement threat hunting processes, utilising the tools available
- Integrate Azure Sentinel alerts
- Integrate 3rd party SIEM alerts such as from AlertLogic
- Define, produce and document regular MI reports
- Develop the skills of the IT Security Team
Essential Skills:
- Experience of multiple Information Security and Cyber technical domains within a corporate environment
- In depth hands-on experience of IBM QRadar and Resilient
- Working knowledge of Best Practice Security Standards and Principles e.g. ISO/IEC 27001, NCSC Cloud Security Principles, NIST etc.
- Previous experience coaching and providing feedback
- Professional Security Qualification e.g. CISSP, IBM Certified Deployment Professional - IBM QRadar SIEM, IBM Certified SOC Analyst - IBM QRadar SIEM etc.
Desirable Skills:
- Exposure to Azure cloud security monitoring including tooling, log collection and log analysis
If you would like to hear more about this opportunity please get in touch.