Location: Bolton
Remote SOC Analyst needs 2+ years of experience in a SOC or cybersecurity operations role.
SOC Analyst requires:
• Security certifications such as Security+, CySA+, GCIH, GCIA, or equivalent.
• Experience with scripting (Python, Power Shell) for automation and analysis.
• Exposure to cloud security monitoring (Azure, AWS, GCP).
• Understanding of compliance frameworks (e.g., NIST, ISO 27001, PCI-DSS).
• Experience with Microsoft Sentinel for SIEM and Microsoft Defender for Endpoint for EDR.
• Solid understanding of TCP/IP, Windows/Linux OS internals, and common attack vectors.
• Familiarity with MITRE ATT&CK, cyber kill chain, and threat modeling.
• Alert Triage & Validation:
Investigate and validate alerts escalated from our security partners using SIEM, EDR, and other security tools.
• Incident Response:
Execute containment and remediation steps for confirmed incidents. Escalate to Tier 3 when deeper forensic or threat hunting expertise is required.
• Threat Analysis:
Correlate data across multiple sources (network, endpoint, cloud) to identify patterns and indicators of compromise (IOCs).
• Detection Tuning:
Work with engineering and Tier 3 teams to fine-tune detection rules and reduce false positives.
• Process Development:
Document SOC workflows, procedures, and incident handling processes. Build and maintain runbooks to standardize response actions and improve operational efficiency.
• Continuous Improvement:
Stay current on emerging threats, vulnerabilities, and security technologies. Recommend improvements to detection and response capabilities.
#J-18808-Ljbffr