Senior SOC Analyst
On-site, Stevenage
Inside IR35
Due to the timescale of the project, the ideal candidate will hold active Security Clearance.
24/7 desk, 12-hour shifts: days 7am–7pm or nights 7pm–7am.
The Candidate
* Experience with LogRhythm, Splunk, Darktrace (Threat Visualizer), and FireEye (EX, NX, HX, CMS) is required.
* Demonstrable understanding of the OSI Reference Model and network communication protocols, including but not limited to DNS, HTTP/S, SSL, SMTP, FTP/S, LDAP/S.
* Knowledge of or experience with any of the following is a plus: ObserveIT, Symantec MessageLabs, IronPort, Splunk Phantom, and Recorded Future.
* Experience or demonstrable knowledge in incident response, log analysis, and PCAP analysis.
* Good understanding of the approaches threat actors take to attacking a network: phishing, port scanning, web application attacks, DDoS, lateral movement.
* Knowledge of Windows and/or Linux operating systems, and of how to investigate them for signs of compromise.
* Ability to demonstrate the right approach to investigating alerts and/or indicators, and to document findings in a manner understandable to both peer- and executive-level colleagues.
* Ability to track complex remedial activities from multiple sources and provide updates to the customer in a user-centric way.
* Ability to clearly articulate cyber security risks against business outcomes and provide advice on the remedial actions that should be undertaken.
* Experience in managing and collaborating with multiple team members and reporting progress to stakeholders.
* Experience in managing security incidents on behalf of stakeholders.
* Experience with cyber-defence methodologies and frameworks.
* Foundational scripting knowledge is desirable.
* 3+ years' experience working within Security Operations Centres (SOCs) or as a security analyst, resolving security incidents across a range of tools such as those listed above.
* Excellent verbal and written communication skills.