An exciting opportunity has arisen for a 3rd Line Analyst within Airbus Protect in Newport. The role of the 3rd Line Analyst is to be an escalation point for all SOC operational activity. The successful candidate will be responsible for the day-to-day monitoring of multiple security devices, including SIEM, SOAR, IDS/IPS, EDR, etc., ensuring that all customer SLAs are met. You will be required to work as part of the SOC team, ensuring all SOC operational tasks are completed on time and work tickets are updated/closed with satisfactory technical details included. The 3rd Line Analyst will be proficient at a technical level, often being required to attend technical workshops and customer briefings/service reviews. All Analysts are expected to be able to present and write professional reports to key stakeholders and exercise good time management.
Responsibilities
* Take over and lead the SOC team in charge of critical incidents when required.
* Complete analysis/correlation of 'Events of Interest' to identify incidents ensuring that all events, events of interest, exceptions & incidents are responded to in accordance with established SOC work instructions, including remedial action/recommendations.
* Complete post incident reporting. Responsible for SOC work instructions, ensuring they are reviewed & amended.
* Use Case Factory development.
* Playbook design and development.
* Use Case & Playbook validation before going live.
* Maintain currency in security concepts, tools and best practices.
* Present & review reports to internal & external key stakeholders.
* Continuous improvement process definition in coordination with SDM.
* Propose improvements to internal processes, support documentation and associated management tools.
* Present and write professional reports to key stakeholders.
Qualifications
* Palo Alto Networks Certified Detection and Remediation Analyst (PCDRA)
* Microsoft SC200: Microsoft Security Analyst
* Blue Team Level 1 & 2: Junior / Advanced Security Operations
* Knowledge of Microsoft Defender & Sentinel
* Knowledge of SOAR
* Knowledge of Splunk
* Understanding of threat actor Tactics, Techniques and Procedures (TTPs)
* SANS SEC401: Security Essentials (or equivalent)
* SANS SEC503: Network Monitoring and Threat Detection In-Depth (or equivalent)
* SANS SEC504: Hacker Tools, Techniques, Exploits and Incident Handling (or equivalent)
* Desirable: Knowledge of Reverse Engineering Malware
* Practical Junior Malware Researcher (PJMR)
* SANS SEC488: Cloud Security Essentials (or equivalent)
* CREST Certified Network Intrusion Analyst (CCNIA) (or equivalent)
* SANS FOR508: Advanced Incident Response, Threat Hunting and Digital Forensics (GCFA)
* All staff must exercise good time management and work as part of a team.
Benefits
* Exciting development opportunities and perspectives within Airbus as a global player.
* An attractive company pension scheme.
* Airbus Group success share scheme.
* An extensive range of additional benefits.
* Flexible working hours.
* Participation in Europe-wide projects as a prime supplier.
Location & Working Conditions
You will work from Airbus Protect offices, Newport, South Wales, with occasional requirements for business travel within the UK and abroad. Because of the nature of work undertaken, these positions are required to meet special nationality rules and therefore these vacancies are only open to sole British Citizens. If you meet these criteria you will also undergo security clearance vetting, if not already security cleared to a minimum DV level.
Equal Employment Opportunity
We are committed to equal employment opportunities regardless of race, colour, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender, gender identity or expression, or veteran status. We are proud to be an equal opportunity workplace.
By submitting your CV or application you are consenting to Airbus using and storing information about you for monitoring purposes relating to your application or future employment. This information will only be used by Airbus.