SOC - Security Specialist Level 3

Logicalis Group (DE)

United States

Remote

USD 90,000 - 122,000

Full time

30+ days ago

Job summary

An established industry player is seeking a Security Specialist Level 3 to join their Managed Security team. This dynamic role involves managing security services for clients, assessing vulnerabilities, and leading incident response efforts. You will collaborate with various stakeholders to design and maintain robust security architectures while mentoring junior staff. Ideal candidates will have extensive experience in IT security, strong analytical skills, and a passion for continuous improvement. Join a forward-thinking company that values innovation and offers exciting opportunities for growth and development in the rapidly evolving cybersecurity landscape.

Qualifications

  • Must be eligible for U.S. Government Security Clearance.
  • 5+ years experience in IT Security and SOC/MSSP roles.
  • Industry certifications like CISSP or CEH preferred.

Responsibilities

  • Manage services for Managed Security Service customers.
  • Lead incident response investigations and mentor colleagues.
  • Develop SOPs and handle security events and incidents.

Skills

IT Security
Critical Thinking
Attention to Detail
Communication Skills
Adaptability
People Skills
Service Improvement Mindset

Education

U.S. Government Security Clearance
5+ years in IT Security
Industry recognized certifications (CISSP, CEH)

Tools

SIEM (Microsoft Sentinel, Splunk)
Endpoint Security (e.g. Carbon Black)
Network Security Tools

Job description

SOC - Security Specialist Level 3 in Work From Home at Logicalis

Part of the Logicalis Managed Security team, the Security Senior Analyst role is responsible for managing services for Managed Security Service customers. The Security Specialist has the remit of assessing, discovering and directing remediation of security threats & vulnerabilities within client environments whilst working as part of a managed security team on various cyber security projects and tasks.

This role involves working at all levels with Solution Architects, Development Operations, Engineers, SOC Analysts, clients and other stakeholders in building and managing security architecture and systems which are kept up-to-date and relevant in the rapidly evolving Managed Security Services industry.

This is a senior technical role and the role holder is expected to provide 3rd and 4th line support for the current service platforms and services as well as supporting, mentoring and coaching colleagues. In addition, there will be a requirement to liaise with channel partners and vendors.

Key Accountabilities:

  1. Handle internal and client escalations by engaging with key stakeholders.
  2. Follow published SOC policies and procedures and oversee that the team follows them.
  3. Be a subject matter expert across Managed Security Service and be able to clearly articulate deliverables, limitations, feasibility, etc.
  4. Thorough experience of the configuration, tuning and maintenance of SOC tools to improve detection capability and building re-usable visualisations / dashboards for security alert triage, threat hunting and similar use cases.
  5. Develop Standard Operating Procedures (SOPs) and use cases for monitoring and handling different types of security events.
  6. Threat intelligence gathering to ensure that detection methods are effective against current threats.
  7. Hunt for suspicious activity based on anomalous activity.
  8. Handling events as part of the Security Incident Management Process.
  9. Work with both internal and external partners to investigate and advise on security incidents and anomalies.
  10. Prepare detailed reports, providing information on findings, status and progress of investigations, as well as vulnerability and risk factors.
  11. Serve as the senior technical escalation point and mentor for colleagues.
  12. Produce incident response playbooks to drive a consistent approach to handling common incidents and improve operational processes.
  13. Analysing structured security log data through the creation of aggregated / correlated reports or visualisations.
  14. Identify and implement opportunities for innovative and continuous improvement.
  15. Lead on customer incident response investigations and containment of threats, advising on remediation.
  16. Participate in the Security Operations Centre on-call rotation.

Skills and Attributes for Success:

  1. Excellent technical skills, knowledge and understanding of the Logicalis Managed Security Services portfolio, IT Applications, Networking and infrastructure.
  2. Demonstrable ability to think beyond the immediate situation and use critical thinking, context and judgment in the analysis of complex data sets and events.
  3. Ability to work under pressure including crisis situations while maintaining a high degree of attention to detail.
  4. Experience responding to customer requests including senior management and executives.
  5. Ability to quickly learn and adapt to new technologies and processes in a rapidly changing environment.
  6. Excellent written and oral communication skills.
  7. Self-motivated to improve knowledge and skills.
  8. People orientated.
  9. Goal and outcome focused.
  10. An example of integrity.
  11. A mind-set of continual service improvement.
  12. Excellent inter-personal skills.

Qualifications & Experience:

  1. Must meet or be eligible to obtain U.S. Government Security Clearance.
  2. Typically 5+ years' experience in IT Security, including security operations and being a Sr/lead analyst in a SOC/MSSP or mature internal team.
  3. Analysing & reviewing security logs from a range of sources, including SIEM - ideally Microsoft Sentinel, Splunk (ArcSight/QRadar/LogRhythm etc.), IPS/IDS, Endpoint Security (e.g. Carbon Black), and Windows Event Log.
  4. Threat Intelligence - in the context of using it in a Security Operations environment.
  5. Securing services migrated to cloud platforms (AWS/Azure etc.) preferred.
  6. Industry recognised certifications such as: SANS GIAC GCIA, GCIH, GCFA, GNFA, GCTI, GREM or CEH, CISSP etc.
  7. A related professional certification, for example CISSP, CISM, CISA.
  8. Solid IT and/or technology background.
  9. Awareness of industry standards – PCI-DSS, ISO 27001, GPG 13 etc.
  10. Awareness of common exploits and vulnerabilities.
  11. Solid network engineering and server architecture awareness.
  12. Previous hands-on experience in network/server and security operational roles.

Salary Compensation Range: $90,300 to $121,900

If you’re interested in career opportunities, but not ready to apply, join our Talent Network to stay connected to us and receive updates on the latest job opportunities and company news.
