Our client is a pure-play cyber security consulting firm. Following a recent M&A and continued growth, they are looking for a technical and commercial Senior SOC Analyst – Technical Lead to join the growing team.
As a technology-driven SOC, our client is actively integrating cutting-edge innovations, including SOAR platforms, to drive automation and streamline incident response. They are also investigating the use of AI within the SOC to enhance threat detection, analysis, and remediation, enabling faster, smarter, and more effective security operations.
As the Senior SOC Analyst - Technical Lead, your role will involve overseeing daily SOC operations, delivering advanced technical and security expertise to clients, supporting on-shift analysts, and continuously monitoring, assessing, and enhancing clients' overall security posture. You will be the client’s main point of contact and are responsible for building and nurturing those client relationships.
We are seeking a dynamic professional with a solid foundation in security operations, exceptional customer service skills, and hands-on experience in incident response and threat hunting. If you have a knack for mentoring and guiding junior team members, experience managing multiple clients at once, and an unwavering enthusiasm for the cyber security industry, this role is for you. Your expertise will play a pivotal role in shaping the growth and innovation of the Security Operations Centre (SOC).
This role combines hands-on technical expertise with client-facing responsibilities, offering the chance to contribute meaningfully to both team development and cutting-edge security operations.
Responsibilities of the Senior SOC Analyst – Technical Lead include, but are not limited to:
* Mentorship and Team Support: Mentor Security Analysts and provide collaborative support to the broader Security Operations Centre (SOC).
* Incident Leadership: Act as a key liaison for the client’s senior management and external partners during security incidents, offering expert guidance and resolution strategies.
* Client Engagement: Build and maintain strong relationships with clients through regular communications and meetings, ensuring their needs are met and technical issues are addressed in collaboration with the Service Delivery Manager.
* Alert Management: Triage and analyse alerts from multiple SIEMs (e.g., Microsoft Sentinel, customised ELK) and intelligence monitoring systems, escalating appropriately in line with Service Level Agreements (SLAs).
* Incident Response: Investigate, mitigate, and remediate security incidents as part of a proactive cyber helpdesk function, working alongside the SOC team.
* Log Analysis: Conduct thorough log analysis during event and incident investigations to identify root causes and improve security posture.
* Reporting Excellence: Produce high-quality alert, incident, and threat intelligence reports tailored to client needs.
* Phishing Campaigns: Design phishing simulation templates, execute campaigns, and deliver comprehensive reports on the findings.
* Customer-Focused Expertise: Serve as a trusted security advisor to customers and SOC team members, offering actionable insights and expert support.
* Critical Escalation: Promptly escalate high-priority technical or security issues, delivering well-informed analyses to customers.
* Continuous Learning: Stay at the forefront of cyber security by researching emerging methods and techniques, continuously enhancing your expertise as a Senior SOC Analyst.
* SOC Innovation: Collaborate with the senior SOC management team to drive operational improvements and elevate the SOC's overall effectiveness.
What we are looking for:
* Experience with ticketing systems including workflow, ticket routing and resolution documentation.
* At least 2 years of commercial experience with Microsoft Sentinel, including hands-on experience in investigations, developing and fine-tuning analytics rules, creating workbooks, and designing automation playbooks.
* Microsoft SC-200 is a mandatory requirement. SC-100, SC-300, SC-400 and AZ-500 are highly desirable.
* Knowledge of, or experience with, EPP/EDR tools such as Microsoft Defender for Endpoint and SentinelOne.
* Strong problem-solving skills and the ability to make quick and effective decisions in high-pressure situations.
* SANS certifications (desirable).