L3 SOC Analyst

Social network you want to login/join with:

Join a Leading Cyber Defence Operations Team and help safeguard against global cyber risks!

Location: Reading - 2 Days a week on site

Employment Type: Permanent

The Cyber Defence Operations team is responsible for protecting customers against cyber threats worldwide. The team’s mission is to enhance the global cyber defence posture and reduce cyber risks through operational leadership and capabilities. We’re looking for a Level 3 SOC Analyst to join our client's team, offering expertise in security analysis and incident response to help drive the success of their Cyber Security Operations Center (CSOC).

In this role, you will investigate and validate potential security threats, utilising a range of security tools and products. As a Senior Analyst, you will also work to mentor and uplift analyst skills and act as a key escalation point. The role will involve collaborating with global security teams, including CERT and Incident Management, to enhance overall security capabilities.

Key Responsibilities:

• Advanced Incident Response: Handle escalated security incidents that L1 and L2 analysts cannot resolve, such as sophisticated malware infections, APTs, and complex intrusions. Lead forensic analysis and threat hunting efforts to ensure rapid containment and recovery.
• Security Analysis and Root Cause Analysis: Conduct detailed analysis of security events to address current cyber threats. Participate in or lead security event analysis activities.
• Security Reporting and Advisories: Contribute to or lead the delivery of cyber security reports and advisories to key stakeholders.
• Residual Risk Assessment: Deliver post-incident analysis, technical lessons learned, and reporting to assess residual risk.
• Advanced SIEM Tuning: Refine and tune SIEM tools to reduce false positives and detect more sophisticated threats, ensuring optimal alert configurations.
• Automating Response Actions: Develop and improve SOAR playbooks to automate repetitive tasks and enhance the incident response process.
• Collaboration: Work closely with onshore teams to fine-tune alert volumes and contribute ideas for operational improvement.
• Threat Response: Engage in threat hunting from a blue team perspective, identifying potential threat group activity.
• Mentorship & Leadership: Mentor and encourage team members to create sustainable knowledge bases, playbooks, processes, and procedures.

Key Requirements:

• 4+ years of experience in SOC analysis, security event analysis, and incident response (Level 2 or above).
• Extensive hands-on experience in security event analysis and incident response.
• Deep knowledge of IPv4/IPv6, TCP networking protocols, and the OSI model.
• Expertise in security tools: SIEM (ArcSight, Sentinel, QRadar, Splunk), EDR (Microsoft Defender, FireEye), IDS/IPS, firewalls, proxies, web application firewalls, and anti-virus technologies.
• Strong knowledge of Linux and Windows operating systems.
• Familiarity with SOAR technologies (e.g., IBM Resilient, Splunk Phantom, SIEMplify) and cloud platforms (e.g., AWS, Azure, O365).
• Experience investigating intrusions in Linux and cloud environments.
• Proficiency in scripting, regular expression development, and query optimization (e.g., Kusto, SQL).

If you’re ready to step up your career in a dynamic and global environment, apply today to join a growing Cyber Defence Operations team and make an impact on the future of cyber security!