Reading, Berkshire, UK
Summary: The SOC Analyst role at Whitehall Resources involves leading investigations and remediation of complex security incidents, utilizing advanced security tools and collaborating with various teams to enhance the organization's security posture. The position requires a strong background in cybersecurity, incident response, and threat hunting, with a focus on proactive threat detection and incident forensics. The role is based in Reading and requires three days of on-site work each week, falling inside IR35 regulations.
Key Responsibilities:
- Lead investigations and remediation of complex security incidents.
- Utilize advanced SIEM tools and threat intelligence platforms to analyze security alerts.
- Take ownership of Tier 2-level escalations from Tier 1 analysts.
- Proactively search for threats using behavioral analysis and threat intelligence data.
- Analyze data from logs, network traffic, and endpoint activities to detect malicious activity.
- Perform in-depth forensic analysis to determine the scope and root cause of incidents.
- Provide guidance on incident containment, eradication, and recovery processes.
- Collaborate with IT teams to implement remediation steps.
- Share knowledge and findings with Tier 1 and Tier 3 teams.
- Stay up-to-date with cybersecurity trends and contribute to threat intelligence enhancement.
- Create detailed incident reports and present findings to stakeholders.
- Ensure compliance with industry standards and regulations.
Key Skills:
- Bachelor's degree in Computer Science, Information Technology, or related field.
- 6-8 years of experience in cybersecurity, incident response, or threat hunting.
- Strong experience in handling complex cyber incidents.
- Hands-on experience with SIEM platforms and EDR tools.
- Proficient in incident response tools and techniques.
- Expertise in analyzing threats on various platforms.
- Familiarity with scripting languages for automation.
- Certifications such as CISSP, GCIH, CFCE, GCFA, or GCIA preferred.
- Strong analytical thinking and problem-solving skills.
- Excellent communication and collaboration skills.
- Ability to work under pressure and handle escalated incidents.
Salary (Rate): £Market Rate
City: Reading
Country: UK
Working Arrangements: on-site
IR35 Status: inside IR35
Seniority Level: undetermined
Industry: IT
SOC Analyst
Whitehall Resources currently require an experienced SOC Analyst to work with a key client.
*Please note this role falls INSIDE IR35*
*This role requires 3 Days onsite in Reading weekly*
Your responsibilities:
Incident Detection and Response:
- Lead investigations and remediation of complex security incidents, including malware infections, data breaches, and advanced persistent threats (APTs).
- Utilize advanced SIEM (Security Information and Event Management) tools, threat intelligence platforms, and other security technologies to analyze and correlate security alerts.
- Take ownership of Tier 2-level escalations from Tier 1 analysts and guide them through complex incident response procedures.
Threat Hunting & Analysis:
- Proactively search for threats across the environment using behavioral analysis and threat intelligence data.
- Analyze data from logs, network traffic, endpoint activities, and threat intelligence feeds to detect unusual or malicious activity.
- Collaborate with other security teams to uncover hidden threats and vulnerabilities.
Incident Forensics:
- Perform in-depth forensic analysis to determine the scope, impact, and root cause of security incidents.
Remediation and Recovery:
- Provide guidance on incident containment, eradication, and recovery processes.
- Work closely with IT teams to implement remediation steps and ensure that compromised systems are properly cleaned and restored.
- Collaborate with threat intelligence teams to identify indicators of compromise (IOCs) and ensure proper actions are taken to block further attacks.
Collaboration & Knowledge Sharing:
- Work with internal stakeholders (e.g., IT, network security, DevOps) to improve overall organizational security posture.
- Share knowledge, techniques, and findings with Tier 1 and Tier 3 teams to improve detection and response capabilities.
- Participate in post-incident reviews and recommend improvements to processes, tools, and techniques.
Security Intelligence & Research:
- Stay up-to-date with the latest cybersecurity trends, vulnerabilities, and attack techniques.
- Contribute to the enhancement of threat intelligence by sharing research findings on emerging threats.
- Develop and maintain custom detection signatures or playbooks to enhance detection and response capabilities.
Reporting & Documentation:
- Create detailed incident reports, including technical analysis and recommendations for mitigation.
- Present findings to management and external stakeholders, such as clients or regulatory bodies, when necessary.
- Ensure proper documentation of incident response workflows, timelines, and action items for continuous improvement.
Compliance and Risk Management:
- Ensure all incident response activities align with industry standards, regulations, and best practices (e.g., NIST, ISO 27001, GDPR, HIPAA).
- Work with legal and compliance teams to manage incidents within the scope of data privacy laws and regulations.
Essential skills/knowledge/experience:
- Bachelor's degree in Computer Science, Information Technology, Systems Engineering, or a related field.
Experience:
- Minimum of 6-8 years of experience in cybersecurity, with incident response, digital forensics, or threat hunting.
- Strong experience in handling complex cyber incidents (e.g., APTs, ransomware, data breaches).
- Hands-on experience with SIEM platforms (e.g., Splunk, ArcSight, LogRhythm) and endpoint detection/response (EDR) tools.
Technical Skills:
- Proficient in incident response tools and techniques, including network and system forensics, malware analysis, and memory analysis.
- Expertise in analysing and responding to threats on different platforms (Windows, Linux, cloud environments, etc.).
- Familiarity with scripting languages (Python, PowerShell, etc.) to automate tasks or create custom detection methods.
Certifications (Preferred):
- Certified Information Systems Security Professional (CISSP)
- Certified Incident Handler (GCIH, EC-Council)
- Certified Forensic Computer Examiner (CFCE)
- GIAC Certified Forensic Analyst (GCFA)
- GIAC Certified Intrusion Analyst (GCIA)
Analytical Skills:
- Strong analytical thinking, with the ability to connect seemingly unrelated pieces of information to identify threats.
- Excellent troubleshooting, problem-solving, and decision-making skills.
Soft Skills:
- Strong communication and collaboration skills for working across various teams.
- Ability to create clear, actionable reports and present findings to technical and non-technical stakeholders.
- Ability to work in high-pressure situations and handle escalated incidents effectively.
All of our opportunities require that applicants are eligible to work in the specified country/location, unless otherwise stated in the job description.
Whitehall Resources are an equal opportunities employer who value a diverse and inclusive working environment. All qualified applicants will receive consideration for employment without regard to race, religion, gender identity or expression, sexual orientation, national origin, pregnancy, disability, age, veteran status, or other characteristics.