Job Summary
We are seeking an experienced and strategic Senior Security Analyst to join our team, with a strong emphasis on designing and enhancing our SIEM capabilities and security monitoring processes. In this role, you will lead efforts to monitor and analyze security events and alerts generated by our Security Operations Centre (SOC), assess their severity, and determine the appropriate response. As a senior member of the team, you will collaborate with Tier 2 and Tier 3 engineers to coordinate incident triage and escalate critical issues.
You will be instrumental in creating and refining SIEM use cases, developing advanced alerting mechanisms, and establishing effective response procedures to optimize SOC operations. Additionally, you will actively monitor threat intelligence sources for emerging threats, provide expert security guidance on project teams, and manage vulnerability scanning tools to maintain and strengthen our organization's security posture.
This role offers the opportunity to drive the continuous improvement of our threat detection and response capabilities, with a strong emphasis on refining security practices. Expertise in querying languages for SIEM policy development and advanced triage is highly desired for this position.
This position involves critical duties and responsibilities that must continue to be performed during crisis situations and contingency operations, and in some situations may necessitate extended hours of work.
Responsibilities include:
1. Oversee security events and alerts generated by the Security Operations Centre (SOC).
2. Perform initial analysis to determine the severity of security events. Act as first responder for alerts requiring immediate response and escalation. As a senior analyst, provide support where required for escalated incidents.
3. Triage confirmed security events and alerts, in coordination with Tier 2 and Tier 3 network and infrastructure engineers, following documented procedures.
4. Monitor and research threat and vulnerability news streams for relevant cybersecurity intelligence that may have an impact on the enterprise. Analyze reports to understand threat campaign techniques and extract indicators of compromise (IOCs).
5. Manage and create SIEM and SOAR custom correlation rules, dashboards, and reports. This will also include tasks like new data ingestion, normalization, rule deployment, and alert management.
6. Develop and implement detailed processes and response procedures to enhance overall SOC functions, including optimizing incident detection workflows, streamlining escalation paths, refining communication protocols, and integrating best practices for improved operational efficiency and effectiveness.
Skills & Competencies
1. Relevant experience working in a Security Operations Centre.
2. Relevant experience working with CrowdStrike, Microsoft Defender or SentinelOne.
3. Relevant experience monitoring and operating a SIEM/SOAR Platform.
4. Relevant previous experience with SIEM query languages (Splunk / LogScale / Humio).
5. Good experience in the creation of SOC process and procedure documentation.
6. Previous experience with Tenable Security products or similar vulnerability scanning solutions for identifying network and operating system risks and misconfigurations is desirable.
7. Expert understanding of all Windows operating systems (server and desktop) required.
8. Understanding of cloud environments (such as AWS, Azure, Google Cloud) and their security controls.
9. Understanding of high-level log analytics (firewall logs, network logs, authentication logs, system logs, debug logs).
10. Understanding of security and network incident response protocols.
11. Understanding of EDR / SIEM / SOAR.
12. Understanding of malware, including APT and other emerging threats.
13. Understanding of firewalls and IDS/IPS systems.
14. Understanding of Active Directory and Entra ID.
15. Highly desired: proficiency in automation and scripting languages (such as Python and PowerShell) to streamline repetitive tasks and effectively analyze security data.
16. Structured, organized, self-motivated and proactive.
17. Ability to multitask, prioritize and manage time effectively.
18. Excellent attention to detail.
19. Excellent interpersonal skills and professional demeanor.
20. Excellent verbal and written communications skills.
21. Excellent customer service skills.
22. Fluent in English, written and spoken.
23. Good at working both independently and in teams.
24. Adaptable to a pressured, fast-paced environment.
Education
1. Blue Team Operations or Cyber Defense GIAC certified, or similar GIAC certification.
2. Certified Ethical Hacker (CEH), GCIH, OSCP.
ABOUT US
Chaucer is a leading insurance group at Lloyd's, the world's specialist insurance market. We help protect industries around the world from the risks they face. Our customers include major airlines, energy companies, shipping groups, global manufacturers, and property groups.
Our headquarters are in London, and we have international offices in Bermuda, Copenhagen, Dubai, and Singapore to be closer to our clients across the world. To learn more about us please visit our website.
Chaucer is committed to diversity, actively values difference and respects people regardless of the protected characteristics which are outlined in the Equality Act 2010 (UK legislation) as a result of the Equal Treatment Directive 2006 (EU legislation). A diverse workforce and an inclusive workplace are core to our success as a business and integral to our winning strategy and culture. We recruit from the widest available pool of talent, and our hiring, assessment and selection process is fair, free from bias and one which ensures we select the right person for the job, based on merit. We are committed to promoting a culture that actively values difference, and recognises that everyone has the right to be treated with dignity and respect throughout their employment.
We are open to considering flexible working arrangements for all roles and encourage you to outline your needs during the interview process.