L3 SOC Analyst (Ref: DOSOCL3)

Position in the Information Technology sector in South Africa - Anywhere in South Africa
Posted On Thursday 9 March 2023
Job Description:

Main job function


Our client, a managed IT Support & Services company based in the UK, is seeking the skills of an L3 SOC Analyst to be based remotely in South Africa.


The main role of the L3 SOC Analyst is to provide level 3 escalation capabilities to the SOC, be a subject matter expert for security-related services and perform day-to-day SOC threat hunting and investigation activities.

The L3 SOC Analyst will be responsible for assisting in driving our compliance and strategy in the SOC using the tooling within the company to develop and improve our services to our client and ensure we provide a pro-active and quality service to all SOC clients.

Primary Responsibilities

·        Ongoing threat hunting for clients and internally for the company

·        Automating tasks, alert and report creation on SOC activities.

·        Be the ultimate point of escalation for SOC support tickets.

·        Continuous monitoring of and action on internal and client security systems.

·        Detecting and responding to security events and protecting information assets.

·        Assisting in delivering security services and products to clients.

·        Assisting with improving internal SOC processes and procedures.

·        Contribute to the improvement of the information security within the company.

·        Communication with customers as required: keeping them informed of incident progress, notifying them of impending changes or agreed outages, etc.

·        Incident response and investigation, including owning incident playbooks.

·        Product investigation and testing for the SOC.

·        For out-of-hours incidents, support the wider Security Operations team by participating in an on-call rota.

·        Produce intelligence outputs, using the information at hand to pro-actively make decisions and changes that improve the client’s security posture.

·        Coaching and mentoring of junior analysts.

Desirable Qualifications

-        Cybersecurity related certifications.

-        Microsoft Security stack certifications.

-        Microsoft Sentinel and KQL

-        Vulnerability management

-        CySA+, CASP+

-        BTL1

-        Relevant CompTIA certifications

-        Other technical security and vendor qualifications a bonus


·        Experience in the following is required

-        SOC operations and tools (SIEM, EDR, etc.)

-        Vulnerability management experience

-        MSP/MSSP experience

-        Microsoft security stack (Intune, Azure, ATP, Defender)

-        5+ years in a SOC environment

-        Threat Hunting

-        Malware Analysis (Dynamic & Static)


·        Experience in the following is desirable

-        Microsoft Azure Sentinel

-        Scripting (PowerShell, Python, regex)

-        Other security tools a bonus

-        Control frameworks (ISO, PCI DSS, CIS, and/or NIST)

-        Working with remote team

-        5+ years in a cybersecurity environment

-        End Point Protection, Cloud Security, Security Incident and Event Management, Managed Anti-Virus Services, CASB, Data Loss Prevention

-        Threat and security research and investigation

-        Ability to provide information, audits and reporting for supported technologies.

-        Present on risk findings and vulnerabilities in a client environment

-        Develop and implement security controls and measures to mitigate threats and vulnerabilities and prevent attacks on client environments

-        Ability to create root cause analysis and reporting on events

-        Facilitate the analysis of a client's threat landscape during cyber-attack activity.


A Consultant will be in touch if you are shortlisted for the position.  Please consider your application unsuccessful should you not have been contacted within 2 weeks.  We will keep your CV on our database and contact you should you match the criteria of any other vacancies.

Please contact Debra