Senior Security Analyst (12 month FTC)

Location: London · Full time · Posted 30+ days ago · Job requisition ID: JR100657

Job Summary

We are seeking an experienced and strategic Senior Security Analyst to join our team, with a strong emphasis on designing and enhancing our SIEM capabilities and security monitoring processes. In this role, you will lead efforts to monitor and analyze security events and alerts generated by our Security Operations Centre (SOC), assess their severity, and determine the appropriate response. As a senior member of the team, you will collaborate with Tier 2 and Tier 3 engineers to coordinate incident triage and escalate critical issues.

You will be instrumental in creating and refining SIEM use cases, developing advanced alerting mechanisms, and establishing effective response procedures to optimize SOC operations. Additionally, you will actively monitor threat intelligence sources for emerging threats, provide expert security guidance on project teams, and manage vulnerability scanning tools to maintain and strengthen our organization’s security posture.

This role offers the opportunity to drive the continuous improvement of our threat detection and response capabilities, with a strong emphasis on refining security practices. Expertise in querying languages for SIEM policy development and advanced triage is highly desired for this position.

This position involves critical duties and responsibilities that must continue to be performed during crisis situations and contingency operations, and in some situations may necessitate extended hours of work.

Responsibilities include:

Oversee security events and alerts generated by the Security Operations Centre (SOC).

Perform initial analysis to determine the severity of security events, and act as first responder for alerts requiring immediate response and escalation. As senior analyst, provide support where required for escalated incidents.

Triage confirmed security events and alerts, in coordination with Tier 2 and Tier 3 network and infrastructure engineers, following documented procedures.

Monitor and research threat and vulnerability news streams for relevant cybersecurity intelligence that may have an impact on the enterprise. Analyze reports to understand threat campaign techniques and extract indicators of compromise (IOCs).

Manage and create SIEM and SOAR custom correlation rules, dashboards, and reports. This will also include tasks like new data ingestion, normalization, rule deployment, and alert management.

Develop and implement detailed processes and response procedures to enhance overall SOC functions, including optimizing incident detection workflows, streamlining escalation paths, refining communication protocols, and integrating best practices for improved operational efficiency and effectiveness.

Skills & Competencies

Relevant experience working in a Security Operations Centre.

Relevant experience working with CrowdStrike, Microsoft Defender or SentinelOne.

Relevant experience monitoring and operating a SIEM/SOAR Platform.

Relevant previous experience with SIEM query languages such as those of Splunk, LogScale or Humio.

Good experience in the creation of SOC process and procedure documentation.

Previous experience with Tenable Security products or similar Vulnerability scanning solutions for identifying network and operating system risks and misconfigurations is desirable.

Expert understanding of all Windows operating systems (server and desktop) required.

Understanding of cloud environments (such as AWS, Azure, Google Cloud) and their security controls.

Understanding of high-level log analytics (firewall logs, network logs, authentication logs, system logs, debug logs).

Understanding of security and network incident response protocols.

Understanding of EDR / SIEM / SOAR.

Understanding of malware, including APT and other emerging threats.

Understanding of firewalls and IDS/IPS systems.

Understanding of Active Directory and Entra ID.

Highly desired proficiency in automation and scripting languages (such as Python and PowerShell) to streamline repetitive tasks and effectively analyze security data.

Structured, organized, self-motivated and proactive.

Ability to multitask, prioritize and manage time effectively.

Excellent attention to detail.

Excellent interpersonal skills and professional demeanor.

Excellent verbal and written communication skills.

Excellent customer service skills.

Fluent in English, written and spoken.

Good at working both independently and in teams.

Adaptable to a pressured, fast-paced environment.

Education

GIAC certification in Blue Team Operations or Cyber Defense, or a similar GIAC certification.

Certified Ethical Hacker (CEH), GCIH, OSCP.

