Senior Security Operations Analyst

Posted 31 August 2023
Salary 65000
Job type Permanent
Contact Name Charlee Ryman

Job description

Are you a technical security analyst who has experience in incident response and are looking for that next step towards a leadership role?


Trident Search are working with a law firm who are looking for a Lead Security Analyst to join them. They boast an already robust security posture and are looking for someone to help further mature it, whilst ensuring any incidents that come in are closed out. They are on a journey of implementing a variety of new technologies across their estate, including Splunk, Defender and CS Falcon.


In addition to IR and project work, you will be working closely with the SOC Manager to ensure the team remains at its highest operational effectiveness. This role offers hybrid working and requires minimal travel to the client's offices.


The Role:


  • Providing subject matter expertise on the detection of, protection against and response to security events and incidents;

  • Liaising with the operational IT teams on incident response and improvements;

  • Reporting on key operational metrics from the team;

  • Ensuring operational processes are documented and kept up to date using feedback from incident lessons learned;

  • Ensuring response capabilities are mature and tested on a regular basis;

  • Educating and assisting in the development of Security Analysts;

  • Designing and implementing custom use cases;

  • Identifying areas of improvement in current tools and processes;

  • Acting as a stand-in for the Senior Security Operations Manager as needed.




  • 5+ years of industry experience related to infosec activities (2-3 in a SOC environment);

  • Experience of wider operational security in international organisations;

  • Demonstrable understanding of information security controls and technology;

  • Team leadership/management;

  • Excellent knowledge of technical security controls, including SIEM, SOAR, EDR, firewalls, IPS/IDS, web filtering and email filtering;

  • Familiarity with frameworks such as MITRE ATT&CK, Cyber Kill Chain, SIGMA and STRIDE;

  • Knowledge of cloud security services such as the M365 stack;

  • Fundamental understanding of cloud technologies (IaaS and SaaS).


If you are technical, competent with incident response and wish to take on a little more responsibility, then go ahead and apply.