The Security Operations team exists to protect the client by proactively detecting and responding to cyber security threats.
Working as a member of a growing team, you will provide defence against cyber-attacks and play a vital role in the monitoring, analysis and management of security events/incidents emanating from client networks and systems. This is a hands-on operational role where you will be deeply involved in day-to-day incidents, using your broad experience to combat threats and resolve incidents in a timely manner.
This role requires willingness to work shifts (including unsociable hours and bank holidays where these fall into your shift pattern) as part of a 24×7 team. This role is based in our Northamptonshire office.
Application Close Date: November 29, 2021
Principal Duties and Responsibilities
- Responsible for providing Tier 2 case resolution, resolving complex security cases including generating initial reporting, providing follow-ups and requesting information and resolution activity.
- Day to day incident triage and escalation using contextual and threat intelligence
- Responsible for providing security expertise to escalated incidents
- Act as the incident handler for P1/P2 incidents
- Provide and support in-depth SIEM and incident notification toolset administration and configuration
- Fully utilise threat intelligence capabilities for proactive threat hunting
- Responsible for providing communication directly with CyberClan’s customers regarding security incidents and other related topics.
- Aid in the development of incident response procedures and playbooks
- Technical liaison between other service lines including threat hunting, incident response and incident investigation.
- Contribute to the design and development of defence and response strategies, knowledge base and playbooks.
- Monitoring SIEM alerts effectively to minimize downtime and restore services.
- Ensure investigation steps are clearly documented and accurately escalated when needed.
- Responsible for producing and maintaining documentation relevant to both the SOC and the position.
- Responsible for updating and offering continual improvement to the knowledge base.
- Support the SOC team in researching global security events, issues and trends to produce security advisories for customers based on findings.
- Responsible for managing and configuring security monitoring tools.
- Investigating intrusion attempts and performing in-depth exploit analysis.
- Provide analytical feedback on client network traffic patterns.
- Provide analytical feedback related to malware and other network threats.
- Accept, manage and update service requests and incidents to ensure contracted Service Level Agreements are met.
- Guiding, coaching and mentoring analysts who are providing the core SOC functions, including but not limited to, alert triage, incident escalation, content creation etc.
Additional Duties and Responsibilities
- To continuously develop both technical and personal skills required within role and assist with development of other staff.
- Keep up to date on security developments and news
- Conducting cyber threat research and analysis for purposes of improving the strength of network security.
- Assist with defining, testing and operating new ways of working with new technology solutions or processes supplied to the SOC team.
- Participate in identification and delivery of Service Improvement Plans.
- Proactively support business KPIs.
- Work with the CyberClan global team when responding to security incidents.
- Understand and comply with all Information Security policies.
- Follow agreed security best practices and SOC processes
- Interact with strategic incident response and threat intelligence vendors.
- To undertake other responsibilities, training and tasks as reasonably requested by line management.
- Undertake periodic assurance reviews and produce associated reporting as required.
- Participate in CyberClan internal security awareness initiatives and other training requests
- Responsible and accountable for ensuring all employment legislative requirements are adhered to, including equality, diversity and health and safety issues.
- The job description may be altered at any time in line with the level of the post to meet changing requirements, but only in full consultation with the post holder.
- Educated to GCSE level or equivalent
- Cyber Security Qualification (COMPTIA or equivalent experience)
- ITIL Foundation
Skills, Knowledge and Experience:
- Previous experience in a similar position
- Knowledge and experience of SOC tooling to identify threats.
- Experience of collaboration tools
- Keen analytical mind and approach
- Proactively shares own expertise with others
- Knowledge and experience of IT systems, networking and the security threat landscape, including:
  - Network fundamentals, for example the OSI stack, TCP/IP, DNS, HTTPS, firewall logs, packet capture and analysis.
  - Cloud technologies (AWS, Google Cloud, Azure)
  - Active Directory, Group Policies, PowerShell
  - Endpoint protection applications (Antivirus, Web Filtering, ATP, Encryption)
  - IDS/IPS systems
  - SIEM tools (such as Splunk)
  - SOAR is an added advantage
- Knowledge of malware capabilities, attack vectors and impact.
- Knowledge of the MITRE ATT&CK framework to understand threat actors and how to mitigate them.
- Knowledge and experience in threat analysis.
- Excellent interpersonal skills sufficient to develop professional relationships and rapport amongst key stakeholders
- Strong team player
- Genuine enthusiasm and drive to work within cyber security.
- Excellent customer service skills
- Good written skills to write explanations of systems, regulations and/or procedures.
- Good verbal communication
- Ability to identify and suggest continual improvement
- Good analytical and problem-solving skills
- Ability to adapt to organisational change
- Proven ability to manage varied workload
- Ability to work unsupervised and under pressure.