3rd Line SOC Analyst - Risley, United Kingdom - Anson McCade Ltd - IT and Finance Recruitment

Posted by: Tom O'Connor, beBee Recruiter


Description

3rd Line SOC Analyst

Employment Type - Full Time

Warrington - WA3 6AX - Remote First

Security clearance is needed for this role, so you should have active SC clearance or be willing to undergo the clearance process.


A global leader in the IT solutions space is currently seeking the expertise of a 3rd Line SOC Analyst to join its growing Advanced Threat Centre (ATC), based in Warrington.


The business boasts a proud heritage in Japanese innovation & sustainability and has successfully operated as a key player across the UK's IT landscape for the past 50 years.

It delivers digital solutions & managed services into almost every major industry sector today.


Working as part of the wider SOC/ATC, you'll ensure swift and proactive measures are implemented to mitigate imminent cyber threats and provide comprehensive threat protection and intelligence services for up to 15 customers across the UK.


As technical lead, you'll help to bridge the gap between 1st, 2nd and 3rd Line teams by improving processes and communication streams, upskilling junior team members and providing transparent and reliable support across the SOC.

Day to day, you'll monitor SIEM toolsets for alarms and events, as well as suspicious activity across a broad range of dashboards, to spot trends and initiate remediation processes in the event of a positive detection.


3rd Line SOC Analyst Responsibilities:


  • Responsible for 3rd line SOC operations, monitoring and threat hunting.
  • Investigation of threats such as the recent Log4j vulnerability.
  • Hypothesising threat hunt scenarios and enacting them with ad hoc searches and rule creation, documenting these in DevOps repositories so that SOC analysts can perform follow-up hunts.
  • Creating content for SIEM use cases and correlation rules to aid detection and reduce adversary dwell time in the customer network by analysing logs from multiple vendors' equipment.
  • Creating use cases to correspond with all areas of the MITRE ATT&CK framework.
  • Constantly reviewing intel sources (OSINT and paid) for IOCs and researching the TTPs of APT groups to build complex threat hunting queries based on customer sector.
  • Providing incident response teams with relevant logs to aid forensic investigations.
  • Behavioural analytics monitoring and rule creation.
  • Creating lists from OSINT sources of C2 and other adversarial IPs to augment protection.
  • Designing TTP-based use cases to detect APT activity such as PowerShell and associated sub-processes.
  • SIEM alarm tuning.
  • Mentorship of junior analysts to help them look 'beyond the alert'.

Required Experience:


  • Experience with SIEM Technologies & EDR Tools: Azure Sentinel, Windows Defender, Logic Apps, O365 Security Stack
  • Previous experience working with a Managed Service Provider
  • Strong Security background and previous experience working in a SOC environment
  • Expert knowledge of KQL as used for Sentinel Analytics Rules, Advanced Threat Hunting and Workbooks.
  • Azure, including Azure Monitor, Log Analytics Workspace and Azure Security.
  • Microsoft Security Solutions
  • Lead on the implementation of monitoring best practice and response
  • Experience in incident/threat response
  • Ability to document and explain technical details clearly and concisely, both in writing and verbally
  • Experience of and ability to coach and mentor 1st and 2nd line security analysts

Highly Desirable Experience:


  • KAPE, X-Ways & Velociraptor experience

Benefits Package:


  • Base Salary: £50,000 to £70,000
  • Annual Bonus of 5%
  • Pension: 10% double matching contributions
  • Health & Wellbeing: Private Medical/Dental Cover
  • Annual Leave: 25 days plus Public Holidays + Buy and Sell up to 10 days
  • Life Assurance: 2 x salary life assurance
  • Excellent Career Development: Training & Certifications
  • Learning Budget
