The Security Operations Centre (SOC) is part of the Admiral Group’s Security Operations function. The SOC is looking for an experienced SOC analyst to join Admiral’s SOC team in the UK. As a SOC Analyst, you will be responsible for responding to and investigating security events within Admiral’s environment.
The security analyst team is a key part of the SOC (along with Threat Hunting function, which is also part of the SOC) and works closely with other security operations functions such as Digital Forensics & Incident Response, Threat Intelligence, as well as with various technology and business units. This role might require working on a scheduled shift rota.
Responsibilities
1. Triage cases/alerts on SOAR, SIEM, EDR platforms.
2. Triage cases generated by Admiral’s Data Loss Prevention (DLP) rules.
3. Perform initial investigation on alerts using all available security technology solutions.
4. Conduct threat hunting using Admiral’s security systems as and when needed.
5. Assist the DFIR (Digital Forensics and Incident Response) team during an incident response investigation as and when needed.
6. Raise issues with the relevant teams to help improve detection and alerting capabilities.
Key Interactions
7. Engage with the overall SOC team on case investigations.
8. Engage with the Cyber Threat Intelligence (CTI) team.
9. Engage with the DFIR team when needed.
10. Engage with various stakeholders within Security Operations as and when needed.
Knowledge and Experience Required
11. + years’ experience in any of the following: SOC; incident response; digital forensics.
12. Experience in alert triage on a SIEM (Security Information and Event Management) solution such as Microsoft Sentinel, LogRhythm, Chronicle, Splunk.
13. Analysing security logs / alerts from security solutions such as firewalls, EDR.
14. Good understanding of general cyber-security principles.
15. Familiarity with public cloud platforms such as Azure, GCP or AWS and security practices on those platforms.
16. Working understanding of frameworks such as Cyber Kill Chain, MITRE ATT&CK.
Desirable Skills
17. Previous working experience on a SOAR (Security Orchestration, Automation & Response) platform would be highly advantageous but not mandatory.
18. Certifications such as the following would be desirable but not mandatory: GCIH, GCFE, GCIA, GDAT, GCDA, GISP.
Admiral: Where You Can
We take pride in being a diverse and inclusive business. It's a place where you can Be You, and show up as you are. We’re committed to fostering a people-first culture where everyone is accepted, supported, and empowered to be brilliant. You can, Grow And Progress at a pace and direction that suits you, Make A Difference for our customers and each other, and Share in Our Future with all colleagues eligible for up to £, of free shares each year after one year of service.
Everyone receives days holiday (including bank holidays) when they join us, increasing the longer you stay with us, up to a maximum of days (including bank holidays). You also have the option to buy or sell up to an additional five days of annual leave.
We’re proud of our people-first culture. In fact, we've been recognised as a Great Place to Work for Women, a Great Place to Work for Wellbeing, and an overall Great Place to Work for over years! We’re fully committed to making sure your progression is not slowed or halted by barriers related to race, gender, age, sexuality or any of the protected characteristics.
Our fantastic benefits make sure our colleagues have a great work-life balance; You can view some of our other key benefits .
LI-CS