Role/Job title SOC Analyst (L2)
Work Location - Reading
Role type - Permanent/Fixed Term/ Contracting Contracting
Mode of working Hybrid /office based Hybrid
If Hybrid, how many days are required in office?3
Number of positions 2
UnitCSP
Duration of assignment 6 Months initial / Overall 12 Months
Any other working conditions - travel/on call/shifts
To be published on job boards from below onwards
The Role
-------> Please include a brief outline of the impact this role will have, including overview of customer industry and projects, access to cutting-edge technology etc. Do NOT include customer name.
Seeking a highly experienced SOC L2 Analyst to strengthen our Security Operations Center. As a Tier 2 CERT Analyst, Candidate will lead the investigation and remediation of advanced cyber threats, leveraging cutting-edge tools such as Splunk, Microsoft Sentinel, CrowdStrike, and Defender and other security stacks. Candidate will handle complex incidents like APTs, malware, and data breaches, ensuring swift, effective responses to minimize risk to the organization and its clients.
The ideal candidate will have advanced expertise in monitoring, analyzing, and mitigating cybersecurity threats, as well as managing security tools and mentoring junior analysts. This role involves proactive threat hunting, incident response, and collaboration with cross-functional teams to enhance the organization s security posture.
Your responsibilities: (Up to 10, Avoid repetition)
1.Incident Detection and Response:
oLead investigations and remediation of complex security incidents, including malware infections, data breaches, and advanced persistent threats (APTs).
oUtilize advanced SIEM (Security Information and Event Management) tools, threat intelligence platforms, and other security technologies to analyze and correlate security alerts.
oTake ownership of Tier 2-level escalations from Tier 1 analysts and guide them through complex incident response procedures.
2.Threat Hunting & Analysis:
oProactively search for threats across the environment using behavioral analysis and threat intelligence data.
oAnalyze data from logs, network traffic, endpoint activities, and threat intelligence feeds to detect unusual or malicious activity.
oCollaborate with other security teams to uncover hidden threats and vulnerabilities.
3.Incident Forensics:
oPerform in-depth forensic analysis to determine the scope, impact, and root cause of security incidents
4.Incident Detection and Response:
oLead investigations and remediation of complex security incidents, including malware infections, data breaches, and advanced persistent threats (APTs).
oUtilize advanced SIEM (Security Information and Event Management) tools, threat intelligence platforms, and other security technologies to analyze and correlate security alerts.
oTake ownership of Tier 2-level escalations from Tier 1 analysts and guide them through complex incident response procedures.
5.Threat Hunting & Analysis:
oProactively search for threats across the environment using behavioral analysis and threat intelligence data.
oAnalyze data from logs, network traffic, endpoint activities, and threat intelligence feeds to detect unusual or malicious activity.
oCollaborate with other security teams to uncover hidden threats and vulnerabilities.
6.Incident Forensics:
oPerform in-depth forensic analysis to determine the scope, impact, and root cause of security incidents.
oCollect, preserve, and analyze evidence related to breaches, intrusions, or malware infections while adhering to legal and regulatory requirements.
oPrepare reports and documentation that detail the findings, impact assessments, and remediation efforts.
7.Remediation and Recovery:
oProvide guidance on incident containment, eradication, and recovery processes.
oWork closely with IT teams to implement remediation steps and ensure that compromised systems are properly cleaned and restored.
oCollaborate with threat intelligence teams to identify indicators of compromise (IOCs) and ensure proper actions are taken to block further attacks.
8.Collaboration & Knowledge Sharing:
oWork with internal stakeholders (e.g., IT, network security, DevOps) to improve overall organizational security posture.
oShare knowledge, techniques, and findings with Tier 1 and Tier 3 teams to improve detection and response capabilities.
oParticipate in post-incident reviews and recommend improvements to processes, tools, and techniques.
9.Security Intelligence & Research:
oStay up-to-date with the latest cybersecurity trends, vulnerabilities, and attack techniques.
oContribute to the enhancement of threat intelligence by sharing research findings on emerging threats.
oDevelop and maintain custom detection signatures or playbooks to enhance detection and response capabilities.
10.Reporting & Documentation:
oCreate detailed incident reports, including technical analysis and recommendations for mitigation.
oPresent findings to management and external stakeholders, such as clients or regulatory bodies, when necessary.
oEnsure proper documentation of incident response workflows, timelines, and action items for continuous improvement.
11.Compliance and Risk Management:
oEnsure all incident response activities align with industry standards, regulations, and best practices (e.g., NIST, ISO 27001, GDPR, HIPAA).
oWork with legal and compliance teams to manage incidents within the scope of data privacy laws and regulations.
Your Profile
Essential skills/knowledge/experience: (Up to 10, Avoid repetition)
Bachelor's degree in Computer Science, Information Technology, Systems Engineering, or a related field.
Experience:
oMinimum of [6-8] years of experience in cybersecurity, with incident response, digital forensics, or threat hunting.
oStrong experience in handling complex cyber incidents (e.g., APTs, ransomware, data breaches).
oHands-on experience with SIEM platforms (e.g., Splunk, ArcSight, LogRhythm) and endpoint detection/response (EDR) tools.
Technical Skills:
oProficient in incident response tools and techniques, including network and system forensics, malware analysis, and memory analysis.
oExpertise in analyzing and responding to threats on different platforms (Windows, Linux, cloud environments, etc.).
oFamiliarity with scripting languages (Python, PowerShell, etc.) to automate tasks or create custom detection methods.
Certifications (Preferred ):
oCertified Information Systems Security Professional (CISSP)
oCertified Incident Handler (GCIH, EC-Council)
oCertified Forensic Computer Examiner (CFCE)
oGIAC Certified Forensic Analyst (GCFA)
oGIAC Certified Intrusion Analyst (GCIA)
Analytical Skills:
oStrong analytical thinking, with the ability to connect seemingly unrelated pieces of information to identify threats.
oExcellent troubleshooting, problem-solving, and decision-making skills.
Soft Skills:
oStrong communication and collaboration skills for working across various teams.
oAbility to create clear, actionable reports and present findings to technical and non-technical stakeholders.
oAbility to work in high-pressure situations and handle escalated incidents effectively.
Work Environment and Conditions:
oWork will be performed in a fast-paced, dynamic security operations environment.
oAbility to work after hours and on weekends when incidents arise.
oPossible on-call rotations for urgent incident response needs.
TPBN1_UKTJ