Security Operations (SOC) Analysts Tiers 1, 2 & 3 – SIEM, IDS/IPS, DLP

  • Full Time
  • Peterborough
  • Location: Peterborough
  • Salary: From £22,000 to £40,000 per annum Plus Shift Allowance and Excellent B

Proprius Recruitment

Proprius Recruitment has specialised in the niche Security & Risk environment for the last 13 years, in the Cyber Security & IT Risk arena.

Security Operations (SOC) Analysts Tiers 1, 2 and 3 – SIEM, IDS/IPS, Firewall, Web Application Firewalls, DLP, Kill Chain, SANS: GCWN, GSSP, GISCP, GCIH, GIAC, CCSP, CISSP, CISSP – ISSEP, ISSAP, CSSLP, SSCP, Cisco: CCNP, Microsoft: MCSE, Redhat: RHCA, RHCE

The Security Operations team of this diversified international food, ingredients and retail group, operating in 50 countries, provides a suite of operationally focused services to the Shared Service Centre businesses, allowing them to remain vigilant to the state of security and compliance within their environments. These services include security configuration changes; ongoing monitoring of centralised information management systems; investigation of and response to identified incidents; vulnerability release monitoring and tracking; and administration of global security management systems.

Reporting to the Security Operations Manager, Analysts will possess varying knowledge and experience around network, endpoint, threat intelligence, forensics and malware reverse engineering, as well as the functioning of specific applications or underlying IT infrastructure.

Tier 3 Analysts will also act as incident “hunters,” not waiting for escalated incidents, and will be closely involved in developing, tuning and implementing threat detection analytics.

BENEFITS

  • Bonus scheme up to 10% – 5% business performance / 5% personal performance
  • Pension – Company pays 4%, Employee pays 4%; contributions can be increased like for like up to a maximum of 10%
  • Bupa – Healthy mind advice line for medical /financial etc queries
  • Holiday 25 days pa
  • Cycle To Work Scheme
  • My Staff Shop

Key Responsibilities

Tier 3 Analyst

  • Monitoring and analysis of cyber security events
  • Services monitored will include, but are not limited to SIEM, IDS/IPS, Firewall, Web Application Firewalls, Data Loss Prevention (DLP)
  • Functional escalation point for incidents assigned by Tier 2 and acting as a referral point to determine any increased risks to the business
  • Recognize potential, successful and unsuccessful intrusion attempts and compromises through reviews and analyses of relevant event detail and summary information
  • Conduct research on emerging security threats.
  • Respond to computer security incidents by collecting, analysing, preserving digital evidence and ensuring incidents are recorded and tracked in accordance with Security Operations requirements.
  • Work with other teams to assess risk and provide recommendations for improving security posture.
  • Working knowledge of any of the following tools is required: Splunk, Symantec Endpoint, RSA Security Analytics, NIKSUN, Wireshark, or other information security tools.
  • Provides correlation and trending of cyber incident activity.
  • Develops threat trend analysis reports and metrics.
  • Supports tier 1 and 2 analysis, handling and response activity.
  • Maintains situational awareness reports for advanced threats such as Advanced Persistent Threat (APT) and Focused Operations (FO) incidents.
  • Author Standard Operating Procedures (SOPs) and training documentation when needed.

Preferred Qualifications/Experience

  • Minimum 5 years, with at least 4 years of information security operations or incident response experience, and familiarity with Cyber Kill Chain
  • Subject Matter Expertise in Vulnerability Assessment, Intrusion Prevention and Detection, Access Control and Authorization, Policy Enforcement, Application Security, Protocol Analysis, Firewall Management, Incident Response, Encryption, Web filtering, Advanced Threat Protection.
  • At least one of the following: SANS: GCWN, GSSP, GISCP, GSSP Carnegie Mellon: SEI, ISC2: CCSP, CISSP, CISSP – ISSEP, ISSAP, CSSLP, SSCP, Cisco: CCNP, CCIE Security, EC Council: ENSA, ECSP, Microsoft: MCSE, Redhat: RHCA, RHCE, VMWare: VCA, VCP, VCAP, VCIX, VCDX, DoD 8570: IASAE

Knowledge & Experience

  • Experience with SIEM, IDS/IPS, Firewall, Web Application Firewalls, Data Loss Prevention (DLP) and Security Event Correlation
  • Ability to take lead on incident research and be able to mentor Tier 1 and 2 Analysts.
  • Self-motivated and able to work in an independent manner.
  • Excellent analytical and problem solving skills
  • Experience with technical writing
  • Possess an understanding of security standards and risk management
  • Have excellent written and verbal communication skills
  • Possess the ability to adjust and adapt to changing priorities in a dynamic environment
  • Be able to multi-task and be pro-active in addressing issues and requests
  • Possess technical acumen and the ability to understand and interpret technical specifications

Tier 2 Analyst

  • Monitoring and analysis of cyber security events
  • Services monitored include SIEM, IDS/IPS, Web Application Firewalls, Data Loss Prevention (DLP)
  • Functional escalation point for incidents registered by SOC Tier 1 and acting as a referral point to determine any increased risks to the business
  • Respond to computer security incidents by collecting, analysing, preserving digital evidence and ensuring incidents are recorded and tracked in accordance with Security Operations requirements.
  • Development and execution of Standard Operating Procedures, Event Handlers and Job Aids required for successful task completion
  • Recognize potential, successful and unsuccessful intrusion attempts and compromises through reviews and analyses of relevant event detail and summary information
  • Work with other teams to assess risk and provide recommendations for improving security posture.
  • Working knowledge of any of the following tools: Splunk, Symantec Endpoint, RSA Security Analytics, NIKSUN, Wireshark, or other information security tools.
  • Provides correlation and trending of cyber incident activity.
  • Supports Tier 1 analysis, handling and response activity.
  • Maintains situational awareness reports for advanced threats such as Advanced Persistent Threat (APT) and Focused Operations (FO) incidents.
  • Author Standard Operating Procedures (SOPs) and training documentation when needed.

Preferred Qualifications/Experience

  • Minimum of 4 years, with at least 3 years of information security operations or incident response experience, and familiarity with Cyber Kill Chain
  • Must have at least one (1) certification in the field of information security from a respected security organization. Desirable certifications include, but are not limited to: GCIH, GCIA, GCFE, GREM, GCFA, GSEC, Security+, CEH, CISSP, CCNA (Security) or equivalent certifications.

Knowledge & Experience

  • Experience with SIEM, IDS/IPS, Firewall, Web Application Firewalls, Data Loss Prevention (DLP) and Security Event Correlation
  • Ability to take lead on incident research and be able to mentor Tier 1 Alert Analysts.
  • Self-motivated and able to work in an independent manner.
  • Excellent analytical and problem solving skills
  • Experience with technical writing
  • Possess an understanding of security standards and risk management
  • Have excellent written and verbal communication skills
  • Possess the ability to adjust and adapt to changing priorities in a dynamic environment
  • Be able to multi-task and be pro-active in addressing issues and requests
  • Possess technical acumen and the ability to understand and interpret technical specifications

Tier 1 Analyst

  • Responding to end user security incidents as referred by the Service Desk
  • Monitoring and analysis of cyber security events
  • Execution of Standard Operating Procedures in response to alerts and events
  • Services monitored will include, but are not limited to SIEM, IDS/IPS, Firewall, Web Application Firewalls, Data Loss Prevention (DLP)
  • Work with the Incident Response team to help create RCAs for events escalated to incident levels
  • Taking on the role of the SSC Service Desk outside of the SSC Service Desk's core hours, which will include Incident Management, according to standard Service Desk operating procedures.

Preferred Qualifications/Experience

  • IT environment experience with at least 2 years of IT incident handling
  • Bachelor’s degree or equivalent combination of education and 2 years of experience in computer science, computer engineering, mathematics or related field

Knowledge & Experience

  • Experience with SIEM, IDS/IPS, Firewall, Web Application Firewalls, Data Loss Prevention (DLP) and Security Event Correlation
  • Excellent analytical and problem solving skills
  • Experience with technical writing
  • Possess an understanding of security standards and risk management
  • Have excellent written and verbal communication skills
  • Possess the ability to adjust and adapt to changing priorities in a dynamic environment
  • Be able to multi-task and be pro-active in addressing issues and requests
  • Possess technical acumen and ability to understand and interpret technical specifications

All candidates will demonstrate:

  • Excellent written and oral communication skills.
  • Excellent interpersonal skills.
  • Ability to conduct and direct research into IT issues and products as required.
  • Ability to present ideas in business-friendly and user-friendly language.
  • Highly self-motivated and directed.
  • Keen attention to detail.
  • Proven analytical, evaluative, and problem-solving abilities.
  • Ability to effectively prioritize and execute tasks in a high-pressure environment.
  • Exceptional customer service orientation.
  • Extensive experience working in a team-oriented, collaborative environment.

Work Conditions

  • The SOC operates on a 24/7 basis and the role will be required to operate on a shift basis
  • The role will be based from the ABF IT Shared Service located in Peterborough
  • Sitting for extended periods of time.
  • Dexterity of hands and fingers to operate a computer keyboard, mouse, power tools, and to handle other computer components.
  • Occasional inspection of cables in floors and ceilings.
