SOC Analyst (Senior and Lead)

Scope & Objectives

We're looking for a highly motivated and detail-oriented Level 1 Cyber Security Operations Centre (SOC) Analyst to join our team. In this role, you will be on the front lines, helping to protect our organization from cyber threats.

You will be a part of a 24/7 team responsible for monitoring our systems, detecting potential security incidents, and initiating the incident response process.

Key Responsibilities

• Continuous Monitoring: You will monitor security tools, including Security Information and Event Management (SIEM) systems, to detect suspicious activity. You will be the first to see potential threats and will need to be efficient and professional response against defined processes.
• Incident Triage: You will analyse alerts and logs to determine if an event is a genuine security incident or a false positive. You will need to be methodical and follow established procedures to classify and prioritize incidents.
• Initial Incident Response: For confirmed incidents, you'll perform initial containment actions, such as isolating affected systems, and escalate the incident to a Level 2 or 3 analyst for deeper investigation.
• Reporting and Documentation: You'll create detailed tickets and reports for all detected incidents, documenting your findings and the steps you took. This is crucial for tracking incidents and for future analysis.
• Tool Management: You will assist in the maintenance and optimization of security tools, ensuring they are working correctly and effectively.
• Excellent problem-solving abilities, strong attention to detail, and the capacity to work under pressure. You should be a strong communicator, both written and verbal, and be comfortable working in a team environment.
• Experience of SPLUNK within a Security Operations Centre (SOC).

Qualifications:

• Education: A bachelor’s degree in computer science, Cyber Security, Information Technology, or a related field is preferred. Relevant experience may be substituted for a degree.
• Knowledge: You should have a foundational understanding of networking concepts (TCP/IP, DNS, etc.), operating systems (Windows, Linux), and common cyber-attack techniques.
• Certifications: While not required, certifications like CompTIA Security+, Cybersecurity Analyst (CySA+), or a similar certification are a significant bonus to the role.