Lead SOC Analyst

London - Onsite

Description

Lead SOC Analyst - Principal SOC Analyst - SOC Analyst - Security Analyst - CREST - OSCP - Remote - Inside IR35 - London - Birmingham - £500 - £600 per day - SC clearance - 3-6 month contract - Start ASAP

The Role:

You will be responsible for handling security incidents received or escalated from the SOC Analysts (Tier 1 or Tier 2), and you will need to perform a business impact analysis on each security incident.

You will coordinate mitigation, response and investigation efforts when security incidents arise. You will determine and suggest containment, eradication and recovery actions to respond and remediate in a timely manner, and keep monitoring the resolver groups for efficient turnaround times. You will be required to participate in Incident Management team sessions (table-top exercises) and to provide support and feedback to the SOC Analysts to improve their efficiency and know-how, offering subject matter expertise to the SOC team.

Responsibilities/Must have:

  • Minimum of 3-5 years' experience working in a SOC or incident response environment, threat hunting, forensics or similar role
  • Oversee completion of day-to-day checklist(s), including log review, management report scheduling & running, alert analysis, and escalation follow up activity status.
  • Remain current on cyber security trends and intelligence (open-source and commercial) in order to guide the security analysis & identification capabilities of the SOC team.
  • Perform advanced event and incident analysis, including baseline establishment and trend analysis.
  • Provide timely advice and guidance on the response action plans for events and incidents based on incident type and severity.
  • Identify training needs and build a training development plan for the Junior Analysts, reporting it to the management team.
  • Ensure that all identified events are promptly validated and thoroughly investigated.
  • Stakeholder and Client Reporting.
  • Oversee documentation owned by the SOC team including but not limited to Standard Operating Procedures (SOPs) and Operational Level Agreements (OLAs).
  • Document and report changes, trends and implications concerning the design and integration of evolving systems and solutions.
  • Improve and develop new content based on observed and measured SOC activity.
  • Manage incidents up to the preliminary forensics processes.
  • Familiarity with the MITRE ATT&CK Framework.

Desirable Qualifications/experience:

  • BSc in Cyber Security, Information Systems, Information Technology, or Computer Science (preferred)
  • Security certifications: any CREST certification, any SANS certification (GCIH preferred), OSCP, Security+.
  • Scripting experience: Python, PowerShell, etc.
  • Experience in the following technologies: Splunk, Splunk ES, Palo Alto Panorama, WildFire, Azure Security Center, Tenable.sc.

Start date: ASAP
Duration: 3-6 months
From: Concept Resourcing
Published at: 08.12.2021
Project ID: 2268421
Contract type: Freelance