- 6 month initial contract + likely extensions
- Attractive daily rate
- Interviews next week!
We are seeking an experienced SOC Cyber Security Analyst to help protect our client's organization by employing a range of security tools, technologies and processes to prevent, detect and manage cyber threats.
Responsibilities
To be a member of the Security Operations Centre (SOC), a team that delivers specific Cybersecurity Services to our client. The role is focused on delivering Intrusion Detection / Prevention services and assisting with investigations arising from escalated problems and security alerts from the client's security information & event management (SIEM) systems. Additional activities include periodic and ad-hoc host Vulnerability Assessments and Application Security Assessments. Security policy enforcement is also key, and is achieved through various assurance activities such as auditing firewalls and conducting privileged account reviews.
You will be responsible for ensuring the integrity of client IT infrastructures and protecting the information systems residing upon them from external and internal attack / compromise.
L2 Analysts provide support to L1 services and will analyse security events that have been triaged by L1 services or where further assistance is needed. This will involve responding to incidents and determining the appropriate next steps for the investigation and any remediation action.
Analysts will operate as Subject Matter Experts, providing the relevant assistance to the L1 SIEM analysts. They will also initiate security incidents, create tickets and, where appropriate, initiate the process leading to the declaration of a major incident.
L2 Analysts will perform slow-time analysis of data to identify trends or other suspicious behaviour that is not captured by existing use cases.
They are also responsible for the creation and maintenance of playbooks and other processes used by the team, along with some basic SIEM administration, including improvements such as Use Case creation and onboarding of devices already supported by the platform.
- Analytics and rule authoring
- Fine tuning of alerting
- Level 2 support for security incidents
- Validate, suggest or create knowledge base articles
- Review and update SIEM security incidents and suspicious events, and analyse recommendations
- Work with L1 to decrease false positives
- Create/maintain dashboards, correlation rules, thresholds etc.
- Report review
For more information please contact Michelle Kendirian at email@example.com