Security Analyst

Posted 23 May 2024
Location United Kingdom
Job type Permanent
Discipline Cyber Defence

Job description

Trident Search are working with a leading Microsoft security client who is adding a Senior Security Analyst to their SOC.

Your role will be mainly focused on being a key escalation point and triaging, researching the latest threats and proactively searching clients' networks during downtime. The client is very focused on providing an in-depth service whilst using some of the latest technology.

While this position will primarily be focused on dealing with client incidents, added responsibilities around detection engineering will be available, progressing you towards a position as a Security Engineer.

What your role will entail:
  • Provide technical lead support to enterprise-level clients using the Microsoft security stack, investigating potentially verified incidents and executing active response actions.
  • Ensure SLAs for enterprise clients are met, with alert descriptions and recommended actions of an acceptable standard and possible mitigation actions executed efficiently and at an advanced level.
  • Assist in incident remediation and prevention documentation and plans where required, and be able to execute the documented processes effectively.
  • Proactively identify indicators of compromise and TTPs to generate and execute Threat Hunting capability, with the possible requirement of executing the incident response plans assigned to the solution to ensure threats to the client's environment are eliminated or mitigated.
  • Handle User and Entity Behaviour Analytics (UEBA) and Threat Hunting use cases of potential security incidents and security events in accordance with SOC processes and procedures.
  • Research, analyse and identify potential vulnerabilities and emerging threats, with the goal of creating detect & response rules to assist in visibility and response capabilities.
  • Leverage automation and SOAR elements to ensure a lean service that eliminates unnecessary noise and allows analysts to respond more quickly to verified incidents.
  • Initiate escalation procedure to counteract potential threats/vulnerabilities.
  • Conduct periodic security and network impact reviews for enterprise clients.
Essential Experience:
  • Strong analytical skills to define risk, identify potential threats, document and develop action/mitigation plan.
  • KQL writing skills.
  • Knowledge/experience with multiple log sources (Firewall, Proxy, Windows Event Logs, Office 365 activity, etc.).
  • Working knowledge of Log Management/SIEM & EDR technology (e.g., Azure Sentinel, AlienVault, MS CloudApp Security, Carbon Black, MS Defender for Endpoint).
  • Good interpersonal skills and the ability to talk effectively with client teams.
  • Incident Response experience, establishing possible root cause and taking action to mitigate threats using a variety of possible solutions (Carbon Black and MS Defender for Endpoints for example).
  • Security technology certifications (e.g., SANS, OSCP, GCIA, GCIH, GSEC).
  • Experience with the Microsoft Solution Portfolio (Office 365, PowerBI, etc.).
  • Experience in automation methods and implementation.
  • Experience with securing various environments.