SOC Analyst - QRadar, Crowdstrike, Enterprise Level Company
Posted 3 weeks ago by Job Board - Jobserve on JobServe
£475 Per day
Inside
Remote
City of London, UK
*Inside IR35* - 95% Remote, Shift Pattern Below.
5 Week Shift Pattern Explained:
- Week 1 - 4 Nightshifts > 3 Rest days
- Week 2 - 3 Days & 3 Nights with 1 Rest day in between
- Week 3 - 3 Rest days > 4 Dayshifts
- Week 4 & 5 - "Bank Week" for shift redundancy - Only 2 shifts are scheduled over a 14-day period, with the option for additional shifts should this be required for scheduled/ad hoc cover.
- Week 6 - Repeats pattern
*Alternative 11am - 7pm Shift also available*
Key responsibilities of the position
- Act as a first line security event analyst monitoring the Security Information and Event Management (SIEM) System. Monitor the alarm console; provide initial analysis of logs and network traffic; and make security event determinations on alarm severity, escalation, and response routing.
- Provide first line telephone, e-mail and ticket routing services for security event notifications and incident response processes.
- Deliver first level investigation and remediation activities as a member of the Security Incident Response Team. Participate in Security Incident Response Team (SIRT) events: Conduct research and assessments of security events; provide analysis of Firewall, IDS, anti-virus and other network sensor produced events; present findings as input to SIRT.
- Participate in a Compliance/Vulnerability Assessment (VA) Scanning Capability. Follow a documented process for routine scanning of company infrastructure and network elements. Develop mitigation and remediation plans as a result of the vulnerability assessment findings.
- Monitor threat and vulnerability news services for any relevant information that may impact installed infrastructure. Analyse reports to understand threat campaign techniques and lateral movement, and extract indicators of compromise (IOCs).
- Create and update security event investigation notes, conduct shift change reports on open cases, and maintain case data in the Incident Response Management platform.
- Document information security operations policies, process and procedures.
- The post will require joining a 24/7 shift rota covering daytime, night time, and weekend work (adequate notification will be provided)
Qualifications
Essential Knowledge and Skills:
- A University degree level education or equivalent in Information Security, Forensics, or Computer Science; related experience and/or training in the field of IT security monitoring and analysis, cyber threat analysis, and vulnerability analysis.
- Understanding of performing 1st level analysis and interpretation of information from SOC systems; incident identification/analysis, escalation procedures, and reduction of false positives.
- A Global Information Assurance Certification (GIAC) Certified Incident Handler (GCIH), GIAC Certified Intrusion Analyst (GCIA), or equivalent certification would be advantageous.
- Intermediate knowledge of Information Security fundamentals, technologies, and design principles.
- Understanding or proven experience in securing Windows, Linux, Oracle and VM platforms.
- Understanding or proven experience of QRadar or similar Security Information and Event Management (SIEM) tools for analysing network and security incidents.
- Experience in Tenable Network Security Nessus, BeyondTrust Retina or similar Vulnerability Assessment (VA) scanner operations for identifying network and platform risks and misconfigurations.
- Willingness to learn new skills and be self-motivated.
- Ability to work in a team environment, to work under pressure and show flexibility.
- Excellent verbal and written communication skills in English.
Please apply within for further details or call.
Alex Reeder
Harvey Nash