Security Analyst Network & Endpoint / SOC Security Specialist

Role Description: Security Analyst - Network & Endpoint / SOC Security Specialist

We are looking for a highly capable and technically skilled Security Analyst to join our cybersecurity team. This role focuses on network and endpoint security operations, threat intelligence, and incident response within a Security Operations Centre (SOC) environment. The successful candidate will have hands-on experience with leading security platforms and demonstrate the ability to operate at a team lead level.

Key Responsibilities:

  • Network Detection & Response:
    • Administer and optimise Darktrace for network threat detection, model tuning, and behavioural analysis.
    • Investigate anomalies and escalate incidents based on network telemetry.
  • Endpoint Protection:
    • Deploy and manage CrowdStrike Falcon agents across enterprise endpoints.
    • Maintain and update detection rules, ensuring alignment with threat intelligence.
  • Security Operations Centre (SOC):
    • Act as a Level 2 SOC Analyst and Incident Handler.
    • Triage, investigate, and respond to security alerts and incidents.
    • Collaborate with other SOC team members to ensure timely resolution and documentation.
  • Threat Intelligence & Insider Threat Monitoring:
    • Monitor threat feeds and manage Indicators of Compromise (IOCs).
    • Conduct insider threat analysis and support investigations.
  • Cloud & Identity Security:
    • Use Microsoft Sentinel for incident investigation, alert correlation, and dashboard monitoring.
    • Manage identity governance and conditional access policies via Microsoft Entra ID.
    • Monitor Entra ID logs and integrate with Sentinel for rule-based alerting.
  • Additional Technologies:
    • Experience with Zscaler for secure web gateway and DLP.
    • Exposure to Google SecOps is advantageous.
  • Team Leadership:
    • Operate at a team lead level, supporting junior analysts and coordinating operational tasks.
    • Provide technical guidance and contribute to process improvement initiatives.

Preferred Certifications:

  • Essential:
    • CompTIA Security+
    • Microsoft Certified: Security Operations Analyst Associate (SC-200)
    • CrowdStrike Certified Falcon Administrator (CCFA)
    • Darktrace Analyst Certification (if available)
  • Desirable:
    • GIAC Certified Intrusion Analyst (GCIA)
    • EC-Council Certified Threat Intelligence Analyst (CTIA)
    • Microsoft Certified: Identity and Access Administrator Associate (SC-300)
    • CISSP or equivalent

Company
Levy Professionals
Location
London, United Kingdom
Employment Type
Permanent
Salary
GBP Annual
Posted