Lorien has partnered with a world ranking Logistics company in search of a SOC Analyst.
This role surrounds Detection & Response and you will be responsible for monitoring, detecting, triaging, and responding to security events and incidents in a global environment. Our client has a partner that does the tier 1 and 2 correlation and triage of security events.
Our Client utilizes a number of tools, namely: Microsoft Defender, Proofpoint, Microsoft ATP, Azure Active Directory (Azure AD), SentinelOne, Meraki, Palo Alto, Okta, Qualys, Splunk, but experience in similar tools is helpful.
They are an endpoint focused organisation so Any EDR experience is preferred (CrowdStrike, Defender, SentinelOne, Carbon Black, etc).
Furthermore, scripting/automation experience, or experience working in Azure or AWS is highly desirable.
Salary: up to £65,000 + Benefits
Fully Remote
Responsibilities:
-
Analyze and track the cyber threat landscape, including identifying and investigating cyber threats actors and their activities to enhance cyber security posture.
-
Perform security monitoring, security event triage, and incident response using SIEM and EDR solutions. Analyze alert patterns to provide recommendations for policy improvement.
-
Work collaboratively with multiple teams as well as subject matter experts to include network engineers, cloud and IT architects, and forensic investigators.
-
Stay current with and remain knowledgeable about new threats. Analyze threat actor tactics, techniques and procedures (TTPs) from security events across a large heterogeneous network of security devices and end-user systems.
-
Utilize security models and frameworks for documenting and tracking purposes, (e.g. MITRE ATT&CK framework, Cyber Kill Chain (CKC) framework)
Critical Skills:
-
Experience working in a 24x7 operational environment, with geographic disparity preferred.
-
Experience working with SIEM systems, Endpoint Detection and Response (EDR) solutions, threat intelligence platforms, security automation and orchestration solutions, intrusion detection and prevention systems (IDS/IPS), Data Loss Prevention (DLP) and other network and security monitoring tools.
-
Experience working with MSSPs
-
Experience with host level scripting, e.g. Bash, Batch, Powershell.
-
Relevant security experience within hybrid ecosystems (AWS/Azure/On-prem)
-
Experience with conducting threat hunts using and adhering to the MITRE ATT&CK framework
If you are interested in this exiting opportunity, please apply now.
Carbon60, Lorien & SRG - The Impellam Group STEM Portfolio are acting as an Employment Business in relation to this vacancy.