Security Analyst: 3rd Line

Who we're looking for

The 3rd Line Security Analyst will be responsible for resolving escalated security incidents, managing breaches, performing threat hunting and utilising threat intelligence to inform operational workloads. Working with security engineering and the wider security practice, the 3rd Line Analyst will provide support to our customers to help discover, prioritise and resolve risks to their security posture.
Typical tasks will include triage and remediation of SIEM incidents and alerts, security posture management, documenting customer's infrastructure/assets, threat hunting and threat intelligence. You will work closely with the Service Delivery team to ensure customer security issues are dealt with effectively and to a high level of customer satisfaction.
Exceptional technical product and process knowledge needs to be accompanied by excellent customer service skills, and meticulous attention to detail.

What you'll be delivering

• Perform forensic analysis, triage security incidents, and apply proactive remediation.
• Proactive monitoring and threat hunting.
• Proactive threat intelligence and research.
• Provide technical support and guidance for 1st & 2nd Line SOC Security Analysts and Service Delivery team including out of hours escalations (typically 1 in every 4 weeks, but may be subject to change to cover annual leave/sickness etc).
• Ownership of security incidents and breaches, as well as escalated issues from 1st & 2nd Line SOC Analysts through to resolution.
• Documenting and articulating issues ready for escalation to the SOC Management and Engineering teams.
• Participate in out-of-hours rota to provide an escalation path to 4x4 shift workers.
• Work closely with the Service Desk team for security related escalations.
• Provide feedback and be part of the continuous improvement program.
• Ensure excellent customer satisfaction is achieved.
• Manage customer complaints through to resolution.
• Assist the Service Delivery team with creation and delivery of customer facing reports.
• Play an active role in maturing SOC processes.
• Be accountable for the timely response and progression of incoming requests.

We think you'll be successful in this role if you have some of the following

• Previous SOC experience essential.
• Advanced knowledge and experience with Microsoft Entra, Microsoft Defender for Cloud, Microsoft Defender XDR suite, and Microsoft Intune.
• Advanced knowledge and experience with Microsoft Windows Server and Client operating systems. Linux experience is a bonus.
• Advanced knowledge and experience in networking products and frameworks, such as firewalls, switches, wireless infrastructure, WAF, application gateways and the OSI 7-layer model.
• Advanced knowledge of Kusto Query Language and PowerShell scripting languages required.
• Excellent technical document writing experience (network and traffic flow diagrams, playbook documentation).
• Relevant industry certifications.
• Self-motivated, and organised.
• Ability to cope under pressure and prioritise work accordingly.
• Ability to work to customer and internal deadlines.

What we'll offer in return

In addition to a competitive salary, there are a number of benefits and perks we offer to say thank you for being a part of our journey:

• To work at a 3* World Class Best Company
• Flexibility over where you work with our Winning from Anywhere approach
• 25 days holiday
• Home working allowance paid monthly
• Winning from Anywhere allowance to help your set up at home
• 24/7 GP at hand
• Immediate 24/7 access to an Employee Assistance Programme
• We'll support you when you're not well with our Company sick pay scheme
• Private health insurance after a successful year's service
• Enhanced parental pay and leave, supporting you with those precious life moments
• Access to the Perkbox platform to help make your money go further
• Cyclescheme
• Electric car scheme
• And many more!