Job Title: L2 SOC Analyst
Location: Hybrid Worker (3 days office based) - York
Focus Areas: Microsoft Sentinel, XDR, SIEM, SOAR, Vulnerability Management
Key Responsibilities:
1. Security Monitoring and Incident Response:
Continuously monitor and investigate security events in Microsoft Sentinel and other SIEM/XDR platforms. Triage, analyze, and respond to security incidents (L2 escalations) involving malware, phishing, unauthorized access, data exfiltration, etc. Collaborate with L1 SOC Analysts to support escalations and provide guidance on more complex incidents. Use SOAR (Security Orchestration, Automation, and Response) playbooks for automated response and containment.
2. Threat Intelligence and Threat Hunting:
Conduct proactive threat hunting within customer environments using SIEM, XDR, and threat intelligence feeds. Analyze advanced persistent threats (APTs), malicious campaigns, and other cyber threats using threat intelligence.
3. Vulnerability Management:
Analyze vulnerability scans and assess the security posture of customer environments. Collaborate with customers' IT teams to prioritize and remediate critical vulnerabilities. Monitor and ensure patch management cycles are completed successfully.
4. Security Orchestration (SOAR) and Automation:
Create and maintain SOAR workflows to automate incident response actions like blocking IPs, isolating systems, and notifying stakeholders. Evaluate the effectiveness of SOAR playbooks and recommend improvements for better automation of routine tasks.
5. Platform Administration and Optimization:
Manage and fine-tune Microsoft Sentinel, XDR, SIEM, and SOAR platforms to ensure optimal performance and log ingestion. Maintain up-to-date security content such as detection rules, analytics queries, correlation rules, and response playbooks.
6. Reporting and Compliance:
Generate security reports, including incident summaries, threat intelligence, and vulnerability reports, for internal and client-facing purposes. Ensure compliance with security frameworks such as ISO 27001, NIST, GDPR, and industry-specific standards relevant to clients.
Required Skills and Qualifications:
1. Technical Expertise:
Strong experience with Microsoft Sentinel and other SIEM platforms (Splunk, QRadar, etc.). Familiarity with Extended Detection and Response (XDR) platforms (Defender, Trend Micro, etc.). Strong knowledge of Vulnerability Management tools (Tenable, Qualys, etc.) and processes. Proficiency with scripting languages (PowerShell, Python, KQL) for automation and threat hunting.
2. Security Fundamentals:
Strong knowledge of network security, firewalls, IDS/IPS, endpoint protection, and DLP solutions. Experience with incident response, malware analysis, forensics, and intrusion detection techniques. Familiarity with the MITRE ATT&CK framework and the TTPs (Tactics, Techniques, and Procedures) of threat actors.
3. Problem Solving and Analytical Thinking:
Ability to analyze and interpret security events, logs, and incident data. Proficiency in building detection rules, analytics queries (KQL, SQL), and customizing SIEM dashboards.
4. Communication and Collaboration:
Strong communication skills for interfacing with clients, internal teams, and stakeholders. Ability to provide detailed incident reports and make security recommendations to improve security posture.
Certifications (Preferred but not mandatory):
* Microsoft Certified: Security Operations Analyst Associate
* CompTIA Security+
* Certified SOC Analyst (CSA)
* GIAC Certified Incident Handler (GCIH) or similar
* Familiarity with frameworks such as CIS, NIST CSF, ISO 27001, or SOC 2
Experience:
2-4 years of SOC experience, preferably in a Managed Security Services Provider (MSSP) or Managed Service Provider (MSP) environment. Previous experience working with enterprise-level clients on security monitoring, incident response, and vulnerability management.
Soft Skills:
Strong teamwork and collaboration in fast-paced environments. Ability to work under pressure and handle multiple incidents simultaneously. Eagerness to learn and keep up with evolving security threats and technologies.