SOC Engineer (SC Cleared)
Posted 7 days ago by Stealth IT Consulting
£400 Per day
Undetermined
Undetermined
United Kingdom
Summary: The SOC Engineer (SC Cleared) role involves monitoring and responding to security incidents, utilizing various security tools and frameworks. The position requires a strong understanding of network protocols, operating systems, and security frameworks, along with the ability to analyze security alerts and logs. The engineer will also be responsible for threat hunting, incident response, and maintaining SOC tools to enhance detection and response capabilities. Relevant certifications and scripting skills are desirable for this position.
Key Responsibilities:
- Monitor security alerts and events from SIEM systems.
- Analyse logs and network traffic to identify anomalies and potential threats.
- Investigate and triage security incidents, escalating as necessary.
- Respond to security incidents in Real Time, following established playbooks.
- Conduct root cause analysis and document findings.
- Support containment, eradication, and recovery efforts.
- Leverage threat intelligence feeds to identify emerging threats.
- Perform proactive threat hunting to detect hidden threats in the environment.
- Maintain and tune SOC tools such as SIEM, EDR, IDS/IPS, and SOAR platforms.
- Develop scripts and automation to improve detection and response efficiency.
- Create incident reports, dashboards, and metrics for stakeholders.
- Maintain accurate documentation of incidents, investigations, and response actions.
Key Skills:
- Strong understanding of TCP/IP, DNS, HTTP/S, and other network protocols.
- Knowledge of operating systems (Windows, Linux).
- Familiarity with security frameworks (MITRE ATT&CK, NIST, ISO 27001).
- Experience with SIEM tools (eg, Splunk, QRadar, Sentinel).
- Knowledge of EDR solutions (eg, CrowdStrike, Carbon Black).
- Understanding of firewalls, proxies, and IDS/IPS systems.
- Scripting skills (Python, PowerShell, Bash) are a plus.
- Relevant certifications (eg, CompTIA Security+, CEH, GCIA, GCIH, CISSP) are desirable.
Salary (Rate): £400 Per Day
City: undetermined
Country: United Kingdom
Working Arrangements: undetermined
IR35 Status: undetermined
Seniority Level: undetermined
Industry: Other
Strong understanding of:
- TCP/IP, DNS, HTTP/S, and other network protocols.
- Operating systems (Windows, Linux).
- Security frameworks (MITRE ATT&CK, NIST, ISO 27001).
- SIEM tools (eg, Splunk, QRadar, Sentinel).
- EDR solutions (eg, CrowdStrike, Carbon Black).
- Firewalls, proxies, and IDS/IPS systems.
- Scripting skills (Python, PowerShell, Bash) are a plus.
- Relevant certifications (eg, CompTIA Security+, CEH, GCIA, GCIH, CISSP) are desirable.
Potential previous experience:
- Monitor security alerts and events from SIEM (Security Information and Event Management) systems.
- Analyse logs and network traffic to identify anomalies and potential threats.
- Investigate and triage security incidents, escalating as necessary.
- Respond to security incidents in Real Time, following established playbooks.
- Conduct root cause analysis and document findings.
- Support containment, eradication, and recovery efforts.
- Leverage threat intelligence feeds to identify emerging threats.
- Perform proactive threat hunting to detect hidden threats in the environment.
- Maintain and tune SOC tools such as SIEM, EDR (Endpoint Detection and Response), IDS/IPS, and SOAR platforms.
- Develop scripts and automation to improve detection and response efficiency.
- Create incident reports, dashboards, and metrics for stakeholders.
- Maintain accurate documentation of incidents, investigations, and response actions.