Responsibilities
* Provide monitoring, alerting and incident handling services within the SOC in line with SLAs.
* Act as the initial analytical reference point for identifying and quantifying the nature and extent of security incidents, offering professional advice to reduce MTTD and MTTR.
* Advise on incident containment measures through recommended initial actions to customers in collaboration with the Incident Response (IR) Team.
* Provide advice on potential mitigation measures to prevent or limit future reoccurrence in collaboration with the IR Team.
* Perform proactive analysis across client networks by staying abreast of current threats and trends.
* Develop and maintain a credible knowledge of current and emerging threats likely to affect the integrity of the managed service you are protecting.
* Review recurring false‑positive firings and assist in tuning SIEM and IDS rules to reduce false positives and maintain good security alerting.
* Create reporting for management and clients on security incidents and threat intelligence trends, and communicate at all levels to keep customers informed.
Qualifications
* Experience in Cyber Security (e.g., Protective Monitoring, Incident Response, Security Engineering).
* SIEM (LogRhythm, Arcsight, Splunk, etc.) & IDS (Snort) experience.
* Sound knowledge of IT security best practices, common attack types, and detection/prevention methods.
* Understanding of Incident Response, Cyber Kill Chain, Threat Modelling and pertinent Attack Vectors.
* Collaborative working ethos and ability to create Playbooks and Use Cases.
* Experience analyzing and interpreting system, security & application logs to diagnose faults and spot abnormal behaviours.
* Great organisational skills & attention to detail.
* Ability to work independently and as part of a team.
* Highly motivated, with an aptitude to learn new skills.
Additional Skills / Certifications (Optional)
* SANS SEC 503 Intrusion Detection in Depth or equivalent.
* SANS SEC 504 Incident Handling, Hacker Tools and Techniques or equivalent.
* SANS SEC 508 Advanced Incident Response, Threat Hunting, and Digital Forensics or equivalent.
* SANS SEC 511 Continuous Monitoring and Security Operations or equivalent.
* Exposure to IT service management best practices such as ITIL.
* Knowledge of standards & guidelines such as ISO27001, GDPR principles and GPG‑13.
* Threat Intelligence experience.
* Report Writing.
Benefits & Perks
* Generous leave with opportunity to accrue up to 12 additional flexi‑days each year.
* Award‑winning pension scheme with up to 15% employer contribution.
* Free access to mental health support, financial advice, and employee‑led networks championing inclusion and diversity.
* Bonus scheme for employees at management level and below.
* Free access to 4,000+ online courses via Coursera and LinkedIn Learning.
* Referral programme financial reward.
* Flexible benefits: spend up to £500 annually on flexible benefits including private healthcare, dental, family cover, tech & lifestyle discounts, gym memberships, and more.
* Flexible hours with hybrid working options; part‑time opportunities possible.
Additional Notes
This role is subject to pre‑employment screening in line with the UK Government's Baseline Personnel Security Standard (BPSS). Additional personnel security controls may apply, including National Security Vetting (NSV), which could include the Security Check (SC) or Developed Vetting (DV).
#J-18808-Ljbffr