Senior Soc Analyst
On site Stevenage
Inside IR35
Due to timescale of the project the ideal candidate will hold Active Security Clearance
24/7 Desk 12 hour shifts days 7am-7pm days or 7pm-7am nights
The Candidate
Experience with LogRhythm/ Splunk, Darktrace (Threat Visualizer) and FireEye (EX, NX, HX, CMS) is required.
Demonstrable understanding of the OSI Reference Model and the network communication protocols, including but not limited to DNS, HTTP/S, SSL, SMTP, FTP/S, LDAP/S.
Knowledge or experience with any of the following is a plus: Observe IT, Symantec MessageLabs, IronPort, Splunk Phantom and Recorded Future.
Experience or demonstrable knowledge in Incident response, log analysis and PCAP analysis
Good level of understanding in the approach threat actors take to attacking a network; phishing, port scanning, web application attacks, DDoS, lateral movement.
Knowledge in Windows and/or Linux operating systems, how to investigate them for signs of compromise.
Ability to demonstrate the right approach to investigating alerts and/or indicators and document your findings in a manner that both peer and executive level colleagues can understand.
Ability to track complex remedial activities from multiple sources and provide updates to the customer in a user centric way.
Ability to clearly articulate cyber security risks against business outcomes and provide advice on the remedial actions that should be undertaken.
Used to managing and collaborating with multiple team members and reporting progress to stakeholders.
Experience in managing security incidents on behalf of stakeholders.
Experience within Defensive Cyber-attack methodologies and frameworks.
Foundational level of scripting knowledge is desirable.
3+ years' experience working within Security Operations Centres (SOCs) or as a security analyst to resolve security incidents across a range of tools as listed above.
Excellent verbal and written communications