SOC Analyst

Job Title: SOC Analyst

Location: Reading, United Kingdom (Hybrid- 1-2 days/week)

Job Type: Contract Inside IR35

Client: Wipro

As an OT Senior Cyber Security Analyst, you will be responsible for maintaining SecOps (Security Operations) solutions, controls and processes across the organisation. You will be mentoring and assisting with leading the SOC team to ensure appropriate prioritisation and remediation of OT alerts and incidents. This role requires a deep understanding of SecOps concepts, technologies and best practices across IT and OT environments, as well as the ability to collaborate effectively with cross-functional teams. The ideal candidate will possess strong communication and incident management skills and will be committed to ensuring the highest level of security, compliance, and user experience.

This job involves:

Key Responsibilities

Expectations

Contextualize OT specific threats

Responsible for understanding the Operational Technology estate, specific OT threats and controls and mitigations that are in place. To be able to use tools such as Claroty to understand network traffic and OT hardware limitations to avoid downtime due to active scans.

Understand OT specific architecture frameworks

Reduce risks with overlaying context

Build direct relationships with Operations of the essential service alongside the OT team to understand and articulate operational risk and cyber risk.

Maintain Security Operations

Responsible for maintaining our security operations processes, including supporting an effective continuous improvement process surrounding the services provided. Familiarity desired with Microsoft security operations tools (e.g. Sentinel), and extensive knowledge of other security tools such as SOAR, EDR / XDR and IDAM.

Reductions over time in repetitive tickets/alerts demonstrating successful tuning of security tooling and processes.

Reduction over time in average time it takes to investigate and resolve security incidents demonstrating an increasing efficiency in SecOps processes.

Operational metrics evidencing the effectiveness of security controls.

Proactive Risk Remediation

Follow a risk-based approach to continually identify, analyse and evaluate the effectiveness of security controls and relate them to appropriate (and proportionate) security controls. Responsible for helping the business to deliver new security controls and for performing proactive activities (e.g. threat hunting) to continuously evaluate and uncover vulnerabilities throughout the technology stack.

Act as an ambassador within the Cyber Security team for the application of a risk-based approach and continuous risk reduction.

Collate the data supporting dashboards with robust SecOps metrics that evidence the tangible reduction in risk and technical debt.

Incident Readiness & Response

The Security Operations team holds primary responsibility for cyber security incident triage, management, and response. A consistent and reliable level of service is provided around both preparing the business for a significant cyber security incident and actual responses to live incidents. Responses to incidents are run in a structured, measured and auditable manner with continuous improvement integrated into incident management processes to ensure processes are always adapting to the changing threat landscape.

Reduction over time in business impacts experienced as a result of cyber security incidents.

Time between incident identification and remediation/closure reduces over time.

The business is periodically educated on incident management procedures and readiness activities.

All staff are aware of what constitutes a cyber security incident and how it should be reported.

Continuous Improvement

Demonstrate an ability to improve processes over time whether that be increases in efficiency or using automation. The more efficient SecOps processes are the shorter response time to incidents will be and the more time will be available to proactive security activities such as threat hunting.

Gradual improvement over time of operational efficiencies as reporting in metrics/KPIs/dashboards.

Demonstrable use of automation to eliminate manual processes.

Qualifications, Experience, Technical Skills

Strong analytical and problem-solving abilities

Some hands-on exposure to cyber security concepts and principles

Experience in working with third party delivery partners and MSSPs

Decision making and judgement

Ability to innovate technical solutions

Excellent planning and organising capabilities

Essential Experience

Minimum of 3 years of experience working with technical Cyber Security controls, preferably in an enterprise environment

Minimum of 3 years of experience in control systems of essential service (ICS, SCADA, CNI)

Exposure to working in or with a security operations centre (SOC)

Triaging problems or issues in a structured and disciplined manner

Experience in remediating cyber risks in ever-changing digital environments

Essential Technical Skills & Qualifications

Ability to explain complex IT / Security problems in a simple manner to non-technical audiences

Strong understanding of OT infrastructure, networking, and end-user computing.

Experience writing Kusto Query Language (KQL) for creating and tuning SIEM queries and alerts.

Proficient in configuration and troubleshooting of multi-factor authentication (MFA), Privileged Access Management (PAM) and Security Information & Event Management (SIEM) systems, in particular Microsoft Sentinel.

Desirable Experience

Familiarity with managing network security capabilities such as NAC (Network Access Control), Firewalls, Proxies/VPN, IDS/IPS, etc.

Leading and mentoring a team to deliver operational excellence.

Desirable Technical Skills & Qualifications

Degree in Cyber Security, Computer Science, Information Technology, Engineering, or related field.

Microsoft SecOps specific certification(s) e.g. Microsoft Security Operations Analyst (SC-200, AZ-900)

Any generic cyber security industry certification(s) such as CCSP, OT-specific certification(s) e.g. Claroty Cybersecurity Analyst