Senior Cyber Security Specialist

We are seeking a Cyber Security Specialist to join our team in the role of Senior SOC Analyst. In this position, you will be responsible for monitoring customer environments, identifying cyber threats, and performing investigation/response activities in line with documented processes.

As a Senior SOC Analyst, you will have both a strong technical focus hands-on and technical focus with broad security knowledge, experience and deep understanding of various SOC domains and incident stages (covering Preparation, Identification, Containment, Eradication, Recovery and Lessons Learned).

The ideal candidate will have experience in dealing with a variety of security cases, strong confidence in recognizing and talking about key skills like network technologies & core internet protocols (DNS/ web / mail), OWASP top-ten, direct experience in driving resolution on security incidents, experience with SIEM and UEBA technologies, SOAR technologies and playbook development, EDR technologies and the MITRE ATT&CK framework and Cyber kill-chain.

You will also have the ability to document and explain technical details clearly and concisely to both technical and non-technical audiences, practical networking experience with a deep understanding of TCP/IP and other network protocols, practical experience with Forensic Incident Response Triage and Investigation techniques and technologies and experience with using and optimising a range of threat intelligence feeds.

This is an excellent opportunity to join a dynamic team and work with leading security technologies to build advanced defences for cyber threats.

Key Responsibilities:

• Mentor and assist in training AARNet SOC Analysts
• Be the first escalation point for SOC Analysts
• Work in close partnership with both internal and external stakeholders; Act as the first point of contact for security incidents and requests into the SOC in line with set SLAs;
• Act as an incident coordinator or problem solver for complex issues/cases and liasing with other teams e.g. incident-response/engineering.
• Refer issues to the SOC Operations Manager when additional support is needed Work closely with the SOC Operations Manager to ensure oversight and support for those on shift at times when the SOC Operations Manager may not be available.Leading continuous improvement initiatives within the team
• Continuously working towards high confidence and high fidelity detection rules leveraging anomalous or suspicious events in collaboration with other SOC team members, including SOC Engineers and Operations;
• Actively contribute to the continuous development of SOC processes and procedures
• Managing quality assurance processes like case reviews for SOC work
• Monitor security cases for the SOC including:
• Conduct proactive monitoring, investigation, and escalation of security incidents;
• Recognise potential, successful, and unsuccessful intrusion attempts and compromises thorough correlation analysis of relevant event detail and summary information;
• Investigate malicious phishing e-mails, domains and IPs using open source and sector intelligence; Provide mitigation guidance and support in response to identified threats;
• Utilise techniques for investigating host and network-based intrusions using SOC technologies;
• Report false positives, detection rule issues and parsing issues to the SOC Engineers and vendors for remediation;
• As a more senior member of the team, take on handling documentation and carrying out advanced processes as needs arise, to resolve difficult cases that exceeds SOC Analyst skillsets following the guidance of the SOC manager.
• Follow all cybersecurity and privacy principles as required by the organisation and customers.

About You:

We celebrate diversity, inclusion, belonging and welcome all people regardless of lifestyle choices, ethnicity, faith, sexual orientation or gender identity.

Our directorate is Cyber Security

Reporting to: SOC Operations Manager

Required qualifications include:

• Experience in dealing with a variety of security cases
• Strong confidence in recognising and talking about key skills like network technologies & core internet protocols (DNS/ web / mail)
• Direct experience in driving resolution on security incidents
• Experience with SIEM and UEBA technologies
• SOAR technologies and playbook development
• EDR technologies
• A thorough understanding of the MITRE ATT&CK framework and Cyber kill-chain
• Ability to document and explain technical details clearly and concisely to both technical and non-technical audiences
• Practical networking experience with a deep understanding of TCP/IP and other network protocols
• Practical experience with Forensic Incident Response Triage and Investigation techniques and technologies
• Experience with using and optimising a range of threat intelligence feeds

Prior experience in working Service provider (SP) or Managed Services provider (MSP) would be beneficial, as well as technical Security Certifications such as SANS GCIA, Expertise on Windows Operating system, Active Directory and a passion for