About Ekco
Founded in 2016, Ekco is now one of the fastest-growing cloud solution providers in Europe!
We specialise in enabling companies to progress along the path of cloud maturity, managing transformation and driving better outcomes from our clients’ existing technology investments.
In a few words, we take businesses to the cloud and back!
We have over 1000 highly talented and supportive colleagues (and counting) across a number of regional offices in the UK, Benelux & Ireland.
The role
We are growing our MSS SOC and Incident Response functions and are looking for an experienced, highly skilled candidate for a hybrid role as a technical SME focused on SOC and Incident Response. The Principal will lead and enhance our SOC and Incident Response functions, ensuring operational excellence, mentoring teams, and providing expert support during complex cybersecurity incidents. The role combines leadership with hands-on technical expertise to drive continuous improvement and protect our customers from evolving cyber threats.
Key Responsibilities
1. Incident Response
* Lead and support Incident Response (IR) efforts across the lifecycle, including preparation, investigation, containment, and forensic analysis.
* Manage high-pressure situations during security incidents, making critical decisions to mitigate risks effectively.
* Collaborate with internal and client teams to deliver timely and effective responses to cybersecurity threats.
2. SOC Operations
* Assist the Head of SOC in managing day-to-day SOC operations, ensuring exceptional detection and response services.
* Serve as an escalation point for complex security incidents, providing technical expertise and leadership.
* Conduct post-incident reviews to identify lessons learned and drive process improvements.
* Mentor and guide SOC analysts, fostering growth and enhancing team capabilities.
3. SOC Development and Continuous Improvement
* Assist the Head of SOC in driving the development and maturity of SOC capabilities, processes, and workflows.
* Configure and enhance SOC tools such as SIEM, EDR, and SOAR platforms to stay ahead of emerging threats.
* Develop and refine detection use cases, playbooks, and operational procedures to enhance efficiency and resilience.
4. Detection Engineering and Threat Hunting
* Design and implement advanced detection strategies to identify and mitigate emerging threats.
* Conduct proactive threat hunting activities using tools and frameworks such as MITRE ATT&CK.
* Continuously optimise detection capabilities to align with evolving attack vectors and threat landscapes.
5. Customer Engagement
* Lead client-facing activities across SOC and IR disciplines, including incident reviews, service improvement initiatives, and stakeholder communications.
* Deliver cyber incident exercises and simulations to prepare clients for potential threats.
About You
Technical Expertise
* Minimum of 5-6 years of proven experience in a SOC or IR environment.
* Deep understanding and expertise in analysing security logs, artifacts, and events to identify Indicators of Compromise (IOCs) and attack tactics, techniques, and procedures (TTPs).
* Strong knowledge of forensic investigations across Windows, Linux, and Unix environments.
* Deep understanding of the operation, configuration and deployment of SOC technologies, including SIEM (e.g., Sentinel, Splunk, QRadar), EDR (e.g., CrowdStrike, SentinelOne, Defender), and SOAR platforms.
* Strong practical knowledge of SOC Operating processes, Threat hunting and the development of response playbooks.
* Experience with forensic tools such as Magnet Axiom, Velociraptor, EnCase, and KAPE.
Leadership and Collaboration
* Proven ability to manage complex IR/SOC incidents and high-pressure situations.
* Experience mentoring and developing SOC teams and analysts.
* Excellent communication and interpersonal skills to communicate at both business and technical levels and manage customer relationships effectively.
Frameworks and Methodologies
* Familiarity with cybersecurity frameworks and threat models, including MITRE ATT&CK, STRIDE, NIST, and CIS.
* Strong understanding of the cyber kill chain and threat landscapes.
Organisational and Problem-Solving Skills
* Detail-oriented with strong organisational skills to manage multiple priorities.
* Proactive problem-solving mindset with a focus on innovative and practical solutions.
Bonus points
* Previous experience in an MSSP SOC and/or IR environment.
* Relevant SOC and/or vendor certifications across SOC operations and technologies.
* Certifications such as CREST (CRIA/CCIM), GIAC (GCIH/GCIA/GCFA), CISSP, CISM are highly desirable.
* Hands-on experience designing and delivering cyber incident simulations.
* Experience with Malware analysis and reverse engineering.
Benefits/Perks
* Time off - 25 days leave + public holidays.
* 1 day of birthday leave per year.
* Company Pension Scheme (employer contribution 5%) + flexible salary sacrifice.
* Employee Assistance Programme (EAP) - access to dedicated mental health, emotional wellbeing and general advice.
* EkcOlympics - a global activity for fun!
* Learning & development - Unlimited access to Pluralsight learning platform.
* Plenty of responsibility and opportunities to grow (including internationally).
Why Ekco
* Microsoft’s 2023 Rising Star Security Partner of the Year.
* VMware & Veeam top partner status.
* Ranked as 4th fastest growing technology company in the Deloitte Fast50 Awards.
* Ekco are committed to cultivating an environment that promotes diversity, equality, inclusion and belonging.
* We recognise the value of internal mobility and encourage opportunities for internal development & progression.
* Flexible working with a family-friendly focus is at the core of our company values.