Level 3 SOC (Security Operations Centre) Analyst
| Posting date: | 02 September 2024 |
|---|---|
| Salary: | Not specified |
| Additional salary information: | Excellent Benefits and Bonus |
| Hours: | Full time |
| Closing date: | 16 September 2024 |
| Location: | Crawley, West Sussex, RH10 1EX |
| Remote working: | Hybrid - work remotely up to 2 days per week |
| Company: | UK Power Networks |
| Job type: | Permanent |
| Job reference: | 79158_1725284940 |
Summary
SOC (Security Operations Centre) Level 3 Analyst
Reference Number - 79158
This SOC (Security Operations Centre) Level 3 Analyst position will report to the Cyber Security Operations Manager and will work within the Information Systems directorate based in our Crawley or Ipswich office. You will be a permanent employee.
You will attract a salary of £75,000.00 and a bonus of 7.5%. This role can also offer blended working after the probationary period (6 months) - 3 days in the office and 2 remote.
Close Date: 16/09/2024
We also provide the following additional benefits
- Annual Leave
- Personal Pension Plan - Personal contribution rates of 4% or 5% (UK Power Networks will make a corresponding contribution of 8% or 10%)
- Tenancy Loan Deposit scheme
- Tax efficient benefits: cycle to work scheme
- Season ticket loan
- Occupational Health support
- Switched On - scheme providing discounts on hundreds of retailers' products.
DIMENSIONS:
- People - work collaboratively in a team of circa 14 permanent and temporary cyber security operations staff. Mentor Level 1 and Level 2 SOC Analysts, providing guidance and training.
- Suppliers - regular interaction with technical resources provided by the outsourced Cyber Security Managed Service provider and cyber security tooling vendors.
Principal Responsibilities:
- Advanced Threat Hunting: analyse and assess multiple/complex threat intelligence sources and indicators of compromise (IOCs) to identify new threat patterns, vulnerabilities and anomalies and, using this intelligence and the available tooling, search the UKPN environment to find and remove 'hidden' threats which may have initially evaded our detective controls.
- Policy Development: develop and create SOC policies, technical standards and procedure documentation in consideration of current industry best practice.
- Log Management: work with our MSSP and service owners to ensure onboarding of all log sources into the SIEM solution, create alert use cases to correlate suspicious activities across assets (endpoints, network, applications) and environments (on-premises, cloud) to identify patterns of anomalous activity.
- Incident Response: improve security incident response playbooks and processes, lead the response to escalated security alerts and events and high-severity security incidents, provide senior level response activities such as incident tracking, communication with partners, overseeing remediation and recovery actions, reporting and applying root cause analysis and lessons.
- Security Orchestration, Automation, and Response (SOAR): support and develop UKPN's SOAR platform, produce new workflows for automation using SOAR tools, automating our response to common attack types and enhancing operational playbooks to allow efficient correlation and enrichment of security events.
- Digital Forensics: identify, analyse and report on serious cyber security incidents. Using experience combined with industry tools and techniques, perform forensic analysis against information gathered from multiple data sources (endpoint event logs, SIEM data, dashboards, enterprise applications, network traffic patterns), and present consistent and reasoned action and response activities to ensure threats are contained and eradicated from UKPN's network systems.
- Cyber Crisis Scenario Testing: participate in regular cyber-attack simulation exercises to test the organisation's resilience to cyber threats and improve its cyber defences and attack preparedness.
Qualifications:
- Considerable experience (commensurate to that of a subject matter expert) in a SOC Level 2 or 3 role with evidence of advanced threat hunting and incident response.
- Must have specific SOC training or qualification or academic equivalent such as bachelor's degree in the field of Computer Science, Cybersecurity and IT, or related subject.
- Ideally hold an industry recognised information security qualification such as CISSP, AZ-500, including knowledge of industry best-practice GIAC/GCIA/GCIH, or CompTIA Advanced Security Practitioner (CASP+), Certified Ethical Hacker (CEH) and/or SIEM-specific training and certification.
- Experience or knowledge in log correlation and analysis, including chain of custody and forensics investigations and requirements.
- An understanding of compliance and regulatory frameworks such as the National Cyber Security Centre (NCSC) Cyber Assessment Framework (CAF), ISO/IEC 27001/27002, GDPR, CIS and NIST.
- Working knowledge of security technologies including SIEM, SOAR, EDR/AV, IDS/IPS, NAC, AD, DLP, Web Filtering, Email Filtering, Behavioural Analytics, TCP/IP protocols, network analysis, and network/security applications.
- Detailed knowledge of SIEM and SOAR solutions, Identity and Access Management and Data Loss Prevention technologies, preferably including FortiSIEM, QRadar, McAfee Web Gateway, McAfee ePolicy Orchestrator, Darktrace and Microsoft Defender. Microsoft Sentinel experience is an advantage.