Farringdon, United Kingdom | Posted on 08/26/2025
We provide end-to-end IT solutions and services including Applications services, Data & Analytics services, AI/ML Technologies and Professional services in the UK and EU market.
Job Description
Location: London (Hybrid) - 3 days onsite
The Tier 2 SOC Threat Response Analyst plays a critical role within the Client Security Operations Center (SOC), responsible for executing incident response activities in alignment with established procedures and industry best practices. This position requires strong technical expertise across multiple security domains, exceptional analytical skills, and the ability to communicate effectively with both technical teams and executive stakeholders.
The ideal candidate will have deep hands-on experience with SIEM, IDS/IPS, EDR, APT detection, and WAF technologies, coupled with strong proficiency in both Linux and Windows environments. A solid understanding of networking protocols, attack methodologies, and adversary tradecraft is essential. Active participation in threat intelligence communities and the ability to disseminate actionable intelligence across the SOC team are also key aspects of this role.
Above all, candidates must demonstrate a strong passion for cybersecurity, intellectual curiosity, and the drive to proactively defend enterprise assets.
Key Responsibilities
* Perform initial triage and investigation of security incidents in accordance with the Incident Response framework.
* Lead communication and escalation efforts throughout the incident lifecycle, including engagement with data asset owners and business continuity stakeholders during high-severity events.
* Conduct proactive threat hunting for anomalous or suspicious activity leveraging SIEM, EDR, and related toolsets.
* Analyze logs, network traffic, and system artifacts to identify potential indicators of compromise.
* Provide first-responder forensic analysis and investigative support for security events.
* Drive containment and remediation strategies during data loss, breach, or advanced attack scenarios (e.g., APTs, botnets).
* Tune and optimize security controls (IDS/IPS, proxy, malware protection, WAF) based on threat intelligence, incident learnings, and vulnerability assessments.
* Recommend enhancements to detection and response capabilities based on investigation outcomes and emerging threats.
Required Skills and Experience
* Strong analytical and problem-solving abilities with a detail-oriented approach.
* Proficiency in network security concepts, including security zoning, firewall rule sets, and IDS/IPS policies.
* Comprehensive knowledge of networking protocols and communications across OSI Layers 1–7.
* Experience with system and application administration across Linux, Windows, and middleware platforms.
* Hands-on experience managing and troubleshooting network and security infrastructure tools.
* Advanced log analysis skills, including parsing syslog, HTTP, and database logs.
* Expertise with log aggregation/search tools (e.g., Splunk), including use of regular expressions and query languages.
* Strong packet capture and network traffic analysis capabilities.
* Familiarity with security assessment and penetration testing tools (e.g., Nmap, Nessus, Metasploit, Netcat).
* Proficiency with EDR platforms for detection, investigation, and response.
* Ability to design and execute containment strategies under pressure.
Preferred Training, Certifications, and Qualifications
* Preferred (with corresponding GIAC certifications): SEC401 (GSEC)
* Recommended: Hacker Guard: Security Baseline – SEC464
* Advanced Security Essentials – SEC501 (GCED)