TWX have partnered with a Cyber Security technology and service provider headquartered in Gloucestershire. They are looking to add a SOC Analyst to their current team of 11, with the primary aim being to undertake and support the response to a cybersecurity event or incident as well as support other cyber services within the business.
The goal of the SOC is to minimise and control the damage resulting from cybersecurity incidents, provide practical guidance for the response, coordinate recovery activities, and work to prevent future incidents from reoccurring. Additionally, you will be helping with the monitoring of information security controls within the business by analysing alerts received in line with our information security policies and practices and dealing with any/all security incidents.
WHY?
Working within a comprehensive team with decades of experience in Cyber and Incident Response
£45K - £60K DOE
Additional Training Budget
26 days Annual Leave + Bank Holidays
Private Healthcare + Other Benefits
Hybrid Role working - The SOC team operates out of Manchester, however they are yet to have a defined office premises. Therefore they currently are extremely flexible with regards to in-office working and expect to move to 2 days a week on-site when they secure new premises.
37.5 hours per week within a UK based rapid growth Cyber Business with a diverse client base + Early finish 1 day per week.
Vendor training and internal skills and knowledge transferring
WHAT IS A TYPICAL DAY
Reviewing & Triage initial alerts
First point of escalation
Initial investigation
Clarify incident severity
Knowledge of security methodologies for investigation
Comfortable with RAW output
Threat Intel Info - against alerts
Threat Hunting
Internal Security and Log Management
On top of the SOC Management you can be working on other services:-
Dark Web monitoring service
Guiding and Shaping Ideas for Crisis Simulations (often around Threat hunting and what happens following one of the well known cyber threats all the way from insider threat and supply chain compromise to Ransomware.
Client Risk Compromise and Supply Chain Risk
CIS Based Gap analysis with our customers reviewing key parts of their cyber stack.
ACCOUNTABLITIES AND ACTIVITIES
Analytics
Use raw log sources and other security and operational tools to monitor and analyse the security posture of the IT estate and identify anomalous activity and behaviours.
Investigates defines and resolves complex issues.
Produce incident reports to present activity and outcome of operational security services and activity.
Select appropriately from applicable standards, methods, tools and applications.
Incident management
Aid with the investigation of security breaches following established procedures and make sure any recommended follow up actions are taken to ensure a reduction in the likelihood of reoccurrence.
Co-ordinate and manage all Incident Responses.
Make sure that all security incidents have been correctly prioritised and diagnose in according to agreed procedures.
Investigate the causes of incidents, document findings and seek resolution.
Ensure the escalation of any unresolved incidents has been completed according to agreed procedures.
Oversee the facilitation of recovery, following the resolution of incidents.
Make sure security incidents have been documented and closed according to agreed procedures.
Serve as a backup for security operations emergency response.
Facilitate collaboration between stakeholders who share common objectives.
Please note, this is a 24/7 SOC with 8 hour rotational shift patterns, please see corresponding rota for more information or request this.
Information security
Review, update and, when needed, create IR polices, playbooks and standard operating procedures documentation.
Use security tools and, where appropriate, develop scripts of your own tools to assist with the ongoing analysis of a security event or incident.
Provide advice and guidance to other teams within the business on good practice and maintain relevant and current industry knowledge.
In relation to active incidents, implement effective security controls to protect core business processes and data.
Oversee, in relation to active Incidents, the operation and optimisation of security tooling/products, including network security (IDS/IPS/Firewalls), logging and auditing, event and incident management, and privileged access management controls.
Act on security incidents, requests and events to ensure that threats, vulnerabilities and breaches are managed to minimise impact to confidentiality, integrity and availability of systems and data.
Understand the requirement for and be able to assist in the creation of security risk, vulnerability assessments, and business impact analysis as required.
Security administration
Oversee the operation or support the operation of tools that contribute to effective security.
Take responsibility to make sure that the onboarding of any enhancements to the security tools, including deployment and on-going management and maintenance is completed.
Undertake periodic reviews of relevant information security policies and baseline control standards, by influencing required additional and updated controls based on the content of internal and external audit reports, trends derived from security operations, information from project-based activities and incident resolutions.
QUALIFICATIONS, TRAINING AND EXPERIENCE (E= Essential. D= Desirable, P= Preferred)
3+ years of experience within an enterprise-level SOC or CSIRT function. (E)
1+ year experience with Malware tools and ability to analyse Malware. (E)
Security certificates such as: CISSP, CISM, GIAC, GCFE, GISP, GSEC, or CEH, would be preferable and would be considered when discussing compensation, but these are by no means essential or expected for this position.
You will have a track record of technical delivery working within a fast-paced environment.
In-depth experience in at least one technology tower out of End-User Computing,
Hosting,
Networks,
Cloud,
Development.
You will be confident in your technical expertise and can present yourself as a technical authority.
Capable of breaching. (E)
Can take a pragmatic view of the application of technologies; understanding the business application of them and able to identify a balance between the management of risk and the capability for the business to continue to operate.
Communicates fluently, orally and in writing, and can present complex information to both technical and non-technical audiences.
Experience of Security Monitoring tools.
Experience of Vulnerability Management and Threat Intelligence.
Knowledge of perimeter and host security intrusion techniques.
Knowledge of commonly accepted information security principles and practices, as well as techniques attackers, use to identify vulnerabilities, gain unauthorised access, escalate privileges and access restricted information.
You will be able to rapidly absorbs new information and apply it effectively