SOC Analyst

TWX have partnered with a Cyber Security technology and service provider headquartered in Gloucestershire. They are looking to add multiple SOC Analysts to their current team, with the primary aim being to undertake and support the response to a cybersecurity event or incident as well as support other cyber services within the business.

The goal of the SOC is to minimise and control the damage resulting from cybersecurity incidents, provide practical guidance for the response, coordinate recovery activities, and work to prevent future incidents from reoccurring. Additionally, you will be helping with the monitoring of information security controls within the business by analysing alerts received in line with our information security policies and practices and dealing with any/all security incidents.

WHY?

• Working within a comprehensive team with decades of experience in Cyber and Incident Response
• £45K - £60K DOE
• Additional Training Budget
• 23 days Annual Leave + Bank Holidays + 3 days between Christmas and New Year.
• Private Healthcare Buyback Scheme
• Mostly Remote Working With irregular trips to the HQ in Cirencester or a serviced office space in Manchester (Once a month or once a quarter, as well as an expensed onboarding trip to the HQ shortly after start)
• 37.5 hours per week within a UK based rapid growth Cyber Business with a diverse client base + Early finish 1 day per week
• Vendor training and internal skills and knowledge transferring

Please note, this is a 24/7 SOC with 8 hour rotational shift patterns, please see (or request) corresponding rota for more information.

WHAT IS A TYPICAL DAY

Reviewing & Triage initial alerts

First point of escalation

Initial investigation

Clarify incident severity

Knowledge of security methodologies for investigation

Comfortable with RAW output

Threat Intel Info - against alerts

Threat Hunting

Internal Security and Log Management

On top of the SOC Management you can be working on other services:-

Dark Web monitoring service

Guiding and Shaping Ideas for Crisis Simulations (often around Threat hunting and what happens following one of the well known cyber threats all the way from insider threat and supply chain compromise to Ransomware.

Client Risk Compromise and Supply Chain Risk

CIS Based Gap analysis with our customers reviewing key parts of their cyber stack.

ACCOUNTABLITIES AND ACTIVITIES

Analytics

Use raw log sources and other security and operational tools to monitor and analyse the security posture of the IT estate and identify anomalous activity and behaviours.

Investigates defines and resolves complex issues.

Produce incident reports to present activity and outcome of operational security services and activity.

Select appropriately from applicable standards, methods, tools and applications.

Incident management

Aid with the investigation of security breaches following established procedures and make sure any recommended follow up actions are taken to ensure a reduction in the likelihood of reoccurrence.

Co-ordinate and manage all Incident Responses.

Make sure that all security incidents have been correctly prioritised and diagnose in according to agreed procedures.

Investigate the causes of incidents, document findings and seek resolution.

Ensure the escalation of any unresolved incidents has been completed according to agreed procedures.

Oversee the facilitation of recovery, following the resolution of incidents.

Make sure security incidents have been documented and closed according to agreed procedures.

Serve as a backup for security operations emergency response.

Facilitate collaboration between stakeholders who share common objectives.

Information security

• Review, update and, when needed, create IR polices, playbooks and standard operating procedures documentation.
• Use security tools and, where appropriate, develop scripts of your own tools to assist with the ongoing analysis of a security event or incident.
• Provide advice and guidance to other teams within the business on good practice and maintain relevant and current industry knowledge.
• In relation to active incidents, implement effective security controls to protect core business processes and data.
• Oversee, in relation to active Incidents, the operation and optimisation of security tooling/products, including network security (IDS/IPS/Firewalls), logging and auditing, event and incident management, and privileged access management controls.
• Act on security incidents, requests and events to ensure that threats, vulnerabilities and breaches are managed to minimise impact to confidentiality, integrity and availability of systems and data.
• Understand the requirement for and be able to assist in the creation of security risk, vulnerability assessments, and business impact analysis as required.

Security administration

Oversee the operation or support the operation of tools that contribute to effective security.

Take responsibility to make sure that the onboarding of any enhancements to the security tools, including deployment and on-going management and maintenance is completed.

Undertake periodic reviews of relevant information security policies and baseline control standards, by influencing required additional and updated controls based on the content of internal and external audit reports, trends derived from security operations, information from project-based activities and incident resolutions.

QUALIFICATIONS, TRAINING AND EXPERIENCE (E= Essential. D= Desirable, P= Preferred)

1.5+ years of experience within an enterprise-level SOC or CSIRT function. (E)

Experience with Malware tools and ability to analyse Malware. (E)

Security certificates such as: CISSP, CISM, GIAC, GCFE, GISP, GSEC, or CEH, would be preferable considered when discussing compensation, but these are by no means essential or expected for this position.

You will have a track record of technical delivery working within a fast-paced environment.

• In-depth experience in at least one technology tower out of

End-User Computing,

Hosting,

Networks,

Cloud,

Development.

• You will be confident in your technical expertise and can present yourself as a technical authority.
• Capable of breaching. (E)
• Can take a pragmatic view of the application of technologies; understanding the business application of them and able to identify a balance between the management of risk and the capability for the business to continue to operate.
• Communicates fluently, orally and in writing, and can present complex information to both technical and non-technical audiences.
• Experience of Security Monitoring tools.
• Experience of Vulnerability Management and Threat Intelligence.
• Knowledge of perimeter and host security intrusion techniques.
• Knowledge of commonly accepted information security principles and practices, as well as techniques attackers, use to identify vulnerabilities, gain unauthorised access, escalate privileges and access restricted information.
• You will be able to rapidly absorbs new information and apply it effectively.