Senior Soc Analyst
On site Stevenage
Inside IR35
Due to timescale of the project the ideal candidate will hold Active Security Clearance
24/7 Desk 12 hour shifts days 7am-7pm days or 7pm-7am nights
The Candidate
* Experience with LogRhythm/ Splunk, Darktrace (Threat Visualizer) and FireEye (EX, NX, HX, CMS) is required.
* Demonstrable understanding of the OSI Reference Model and the network communication protocols, including but not limited to DNS, SSL, SMTP, FTP/S, LDAP/S.
* Knowledge or experience with any of the following is a plus: Observe IT, Symantec MessageLabs, IronPort, Splunk Phantom and Recorded Future.
* Experience or demonstrable knowledge in Incident response, log analysis and PCAP analysis
* Good level of understanding in the approach threat actors take to attacking a network; phishing, port scanning, web application attacks, DDoS, lateral movement.
* Knowledge in Windows and/or Linux operating systems, how to investigate them for signs of compromise.
* Ability to demonstrate the right approach to investigating alerts and/or indicators and document your findings in a manner that both peer and executive level colleagues can understand.
* Ability to track complex remedial activities from multiple sources and provide updates to the customer in a user centric way.
* Ability to clearly articulate cyber security risks against business outcomes and provide advice on the remedial actions that should be undertaken.
* Used to managing and collaborating with multiple team members and reporting progress to stakeholders.
* Experience in managing security incidents on behalf of stakeholders.
* Experience within Defensive Cyber-attack methodologies and frameworks.
* Foundational level of scripting knowledge is desirable.
* 3+ years' experience working within Security Operations Centres (SOCs) or as a security analyst to resolve security incidents across a range of tools as listed above.
* Excellent verbal and written communications