SOC Analyst

Posted 5 days ago by Project Recruit

Negotiable
Undetermined
Hybrid
Reading, Berkshire, UK

Summary: The SOC Analyst role involves working as part of a Security Operations Centre, focusing on incident detection, response, and threat hunting. Candidates will lead investigations into complex cyber threats and collaborate with cross-functional teams to enhance security measures. This position is hybrid, requiring attendance at the Reading office three days a week. The contract is temporary, lasting over six months, and requires advanced expertise in cybersecurity tools and practices.

Key Responsibilities:

  • Lead investigations and remediation of complex security incidents, including malware infections, data breaches, and advanced persistent threats (APTs)
  • Utilise advanced SIEM tools, threat intelligence platforms, and other security technologies to analyse and correlate security alerts
  • Take ownership of Tier 3-level escalations from Tier 1 and Tier 2 Analysts and guide them through complex incident response procedures
  • Take ownership of Tier 2-level escalations from Tier 1 Analysts and guide them through complex incident response procedures
  • Proactively search for threats across the environment using behavioral analysis and threat intelligence data
  • Analyse data from logs, network traffic, endpoint activities, and threat intelligence feeds to detect unusual or malicious activity
  • Collaborate with other security teams to uncover hidden threats and vulnerabilities
  • Perform in-depth forensic analysis to determine the scope, impact, and root cause of security incidents
  • Collect, preserve, and analyse evidence related to breaches, intrusions, or malware infections while adhering to legal and regulatory requirements
  • Prepare reports and documentation that detail the findings, impact assessments, and remediation efforts
  • Provide guidance on incident containment, eradication, and recovery processes
  • Work closely with IT teams to implement remediation steps and ensure that compromised systems are properly cleaned and restored
  • Collaborate with threat intelligence teams to identify indicators of compromise (IOCs) and ensure proper actions are taken to block further attacks
  • Work with internal stakeholders to improve overall organizational security posture
  • Share knowledge, techniques, and findings with Tier 1, Tier 2 and Tier 3 teams to improve detection and response capabilities
  • Participate in post-incident reviews and recommend improvements to processes, tools, and techniques
  • Stay up-to-date with the latest cybersecurity trends, vulnerabilities, and attack techniques
  • Contribute to the enhancement of threat intelligence by sharing research findings on emerging threats
  • Develop and maintain custom detection signatures or playbooks to enhance detection and response capabilities
  • Create detailed incident reports, including technical analysis and recommendations for mitigation
  • Present findings to management and external stakeholders, such as clients or regulatory bodies, when necessary
  • Ensure proper documentation of incident response workflows, timelines, and action items for continuous improvement
  • Ensure all incident response activities align with industry standards, regulations, and best practices
  • Work with legal and compliance teams to manage incidents within the scope of data privacy laws and regulations

Key Skills:

  • Bachelor's degree in Computer Science, Information Technology, Systems Engineering, or a related field
  • Minimum of 6-8 years of experience in cybersecurity, with incident response, digital forensics, or threat hunting
  • Strong experience in handling complex cyber incidents (e.g., APTs, ransomware, data breaches)
  • Hands-on experience with SIEM platforms (e.g., Splunk, ArcSight, LogRhythm) and endpoint detection/response (EDR) tools
  • Proficient in incident response tools and techniques, including network and system forensics, malware analysis, and memory analysis
  • Expertise in analysing and responding to threats on different platforms (Windows, Linux, cloud environments, etc.)
  • Familiarity with scripting languages (Python, PowerShell, etc.) to automate tasks or create custom detection methods
  • Strong analytical thinking, with the ability to connect seemingly unrelated pieces of information to identify threats
  • Excellent troubleshooting, problem-solving, and decision-making skills
  • Strong communication and collaboration skills for working across various teams
  • Ability to create clear, actionable reports and present findings to technical and non-technical stakeholders
  • Ability to work in high-pressure situations and handle escalated incidents effectively

Salary (Rate): undetermined

City: Reading

Country: UK

Working Arrangements: hybrid

IR35 Status: undetermined

Seniority Level: undetermined

Industry: IT

Detailed Description From Employer:

SOC Analyst

Our client, a leading global supplier for IT services, requires experienced SOC Analysts (Tier 2/L2 & Tier 3/L3) to be based at their client's office in Reading, UK.

This is a hybrid role - you can work remotely in the UK and attend the Reading office 3 days per week.

This is a 6+ month temporary contract to start ASAP.

Day rate: Competitive Market rate

The client is seeking highly experienced SOC L2 and SOC L3 Analysts to strengthen their Security Operations Centre. As Tier 2 and Tier 3 CERT Analysts, candidates will lead the investigation and remediation of advanced cyber threats, leveraging cutting-edge tools such as Splunk, Microsoft Sentinel, CrowdStrike, and Defender and other security stacks. Candidates will handle complex incidents like APTs, malware, and data breaches, ensuring swift, effective responses to minimise risk to the organisation and its clients.

The ideal candidates will have advanced expertise in monitoring, analysing, and mitigating cybersecurity threats, as well as managing security tools and mentoring Junior Analysts. This role involves proactive threat hunting, incident response, and collaboration with cross-functional teams to enhance the organisation's security posture.

Key Responsibilities

  1. Incident Detection and Response:
    1. Lead investigations and remediation of complex security incidents, including malware infections, data breaches, and advanced persistent threats (APTs)
    2. Utilise advanced SIEM (Security Information and Event Management) tools, threat intelligence platforms, and other security technologies to analyse and correlate security alerts
    3. Take ownership of Tier 3-level escalations from Tier 1 and Tier 2 Analysts and guide them through complex incident response procedures (for Tier 3/L3)
    4. Take ownership of Tier 2-level escalations from Tier 1 Analysts and guide them through complex incident response procedures (Tier 2/L2)
  2. Threat Hunting & Analysis:
    1. Proactively search for threats across the environment using behavioural analysis and threat intelligence data
    2. Analyse data from logs, network traffic, endpoint activities, and threat intelligence feeds to detect unusual or malicious activity
    3. Collaborate with other security teams to uncover hidden threats and vulnerabilities
  3. Incident Forensics:
    1. Perform in-depth forensic analysis to determine the scope, impact, and root cause of security incidents
    2. Collect, preserve, and analyse evidence related to breaches, intrusions, or malware infections while adhering to legal and regulatory requirements
    3. Prepare reports and documentation that detail the findings, impact assessments, and remediation efforts
  4. Remediation and Recovery:
    1. Provide guidance on incident containment, eradication, and recovery processes
    2. Work closely with IT teams to implement remediation steps and ensure that compromised systems are properly cleaned and restored
    3. Collaborate with threat intelligence teams to identify indicators of compromise (IOCs) and ensure proper actions are taken to block further attacks
  5. Collaboration & Knowledge Sharing:
    1. Work with internal stakeholders (e.g., IT, network security, DevOps) to improve overall organisational security posture
    2. Share knowledge, techniques, and findings with Tier 1, Tier 2 and Tier 3 teams to improve detection and response capabilities
    3. Participate in post-incident reviews and recommend improvements to processes, tools, and techniques
  6. Security Intelligence & Research:
    1. Stay up-to-date with the latest cybersecurity trends, vulnerabilities, and attack techniques
    2. Contribute to the enhancement of threat intelligence by sharing research findings on emerging threats
    3. Develop and maintain custom detection signatures or playbooks to enhance detection and response capabilities
  7. Reporting & Documentation:
    1. Create detailed incident reports, including technical analysis and recommendations for mitigation
    2. Present findings to management and external stakeholders, such as clients or regulatory bodies, when necessary
    3. Ensure proper documentation of incident response workflows, timelines, and action items for continuous improvement
  8. Compliance and Risk Management:
    1. Ensure all incident response activities align with industry standards, regulations, and best practices (e.g., NIST, ISO 27001, GDPR, HIPAA)
    2. Work with legal and compliance teams to manage incidents within the scope of data privacy laws and regulations

Key Requirements

  • Bachelor's degree in Computer Science, Information Technology, Systems Engineering, or a related field

Experience:

  • Minimum of [6-8] years of experience in cybersecurity, with incident response, digital forensics, or threat hunting
  • Strong experience in handling complex cyber incidents (e.g., APTs, ransomware, data breaches)
  • Hands-on experience with SIEM platforms (e.g., Splunk, ArcSight, LogRhythm) and endpoint detection/response (EDR) tools

Technical Skills:

  • Proficient in incident response tools and techniques, including network and system forensics, malware analysis, and memory analysis
  • Expertise in analysing and responding to threats on different platforms (Windows, Linux, cloud environments, etc.)
  • Familiarity with scripting languages (Python, PowerShell, etc.) to automate tasks or create custom detection methods

Certifications (Preferred):

  • Certified Information Systems Security Professional (CISSP)
  • Certified Incident Handler (GCIH, EC-Council)
  • Certified Forensic Computer Examiner (CFCE)
  • GIAC Certified Forensic Analyst (GCFA)
  • GIAC Certified Intrusion Analyst (GCIA)

Analytical Skills:

  • Strong analytical thinking, with the ability to connect seemingly unrelated pieces of information to identify threats
  • Excellent troubleshooting, problem-solving, and decision-making skills

Soft Skills:

  • Strong communication and collaboration skills for working across various teams
  • Ability to create clear, actionable reports and present findings to technical and non-technical stakeholders
  • Ability to work in high-pressure situations and handle escalated incidents effectively

Work Environment and Conditions:

  • Work will be performed in a fast-paced, dynamic security operations environment
  • Ability to work after hours and on weekends when incidents arise
  • Possible on-call rotations for urgent incident response needs

Due to the volume of applications received, unfortunately we cannot respond to everyone.

If you do not hear back from us within 7 days of sending your application, please assume that you have not been successful on this occasion.