Home based role Help strengthen our team as our Senior SOC Analyst to work on an exciting Cyber Transformation Project. Home based role.
A great opportunity to join our team as our Senior SOC Analyst to be responsible for handling security incidents received/escalated from the SOC Analyst (Tier 1 or Tier 2) and perform a business impact analysis on the security incident, as well as working on our Cyber Transformation Project.
We are looking for a strong technical background, possibly in IT Engineering or Systems Administration (cloud and on-premises), coupled with security experience to bring a multi-faceted set of skills to Capita's Cyber Security toolsets.
An excellent working knowledge of MS Sentinel is a must from both an operational analyst's perspective and a technologist, whose responsibilities include build, deploy, run and improvement.
Your expertise and experience will have been developed from core IT skills such as Networking, Compute, Database, Scripting languages, and Cloud technology. The role sits across the full end-to-end process of building, delivering, and running Cyber Security Services that leverage Microsoft Security products in addition to market-leading security vendors, thus adaptability and enthusiasm to adopt new challenges and technologies on your own initiative is essential.
You will also support the initial implementation of new security-related Microsoft technologies, including Microsoft Sentinel, MDE, MDI, and Defender for Cloud, as well as undertaking some DevOps tasks.
What You'll Be Doing:
- Oversee completion of day-to-day checklist(s), including log review, management report scheduling & running, alert analysis, and escalation follow-up.
- Perform advanced event and incident analysis, including baseline establishment and trend analysis.
- Manage a number of analysts as part of a virtual team of L1 and L2 analysts, including objectives setting, performance management/reviews, training & development, and BAU activities including shift cover.
- Support on-call arrangements as part of a Rota, to support L1 Analysts working out of hours.
- Support Major Incident Response activity, from a Protective Monitoring perspective, including supporting teams in identification, containment, and remediation of security-related threats.
- Identify opportunities for SOC and client SIEM platform configuration improvements, use case development, monitoring rule creation, tuning & optimization.
- Assist in architectural design to facilitate the onboarding of new information systems, including the assessment, parsing, onboarding of log sources, and use case and rule development.
What we're looking for:
- Experience in managing Microsoft Sentinel as an MSSP, including Lighthouse, and management and multi-customer environments using DevOps.
- Level 3 SOC Analyst / Senior Cyber Security and/or security operations experience.
- Experience with SIEM platforms, including IBM QRadar, Microsoft Sentinel, and LogRhythm.
- In-depth experience with Microsoft Sentinel, including use case and rule development, workbook/playbook creation, KQL & Logic Apps / SOAR.
- Experience of onboarding, tuning, reporting, and configuring SIEM solutions.
- Experience of threat intelligence.
- Leadership and mentoring experience and skills.
- Understanding of low-level concepts including operating systems and networking.
- Commercial experience in Penetration Testing and/or Security Monitoring.
- Understanding of networking and infrastructure design.
- Knowledge/experience of one or more System administration (Linux, Windows, Mac).
- Cyber security degree or equivalent experience.
- Always remaining updated on new threats and developing security standards.
- Excellent interpersonal skills with the ability to explain technical problems to non-technical business stakeholders at all levels.
- Strong written and oral communication skills.
- Active or ability to obtain SC clearance.
Preferred Qualification:
- SANS Certification.
- Experience with NIST assurance/EDR.
- IT Certifications, including Network+, Security+, AZ-500.
- Protective Monitoring / SOC Certifications, including CySA+.
- Cyber Security Certifications, including CISMP, CISSP.
- Experience with various Microsoft Technologies, including Microsoft Defender for Endpoint, Identity and Cloud.
About CapitaTechn