SOC Analyst

SOC Analyst

Whitehall Resources are currently looking for a SOC Analyst based in London (remote initially) for an initial 3-6 month contract.

Main Responsibilities:

– The successful candidate should have a strong understanding of security operations concepts, vulnerability management and incident remediation within a complex global organization.
– This role works closely with the Incident Response and Threat Intelligence teams to assist in addressing threats among our member firm network and coordinating processes, procedures and practices to improve our defences.
– Responsible for leading efforts to identify incident trends and opportunities to mitigate the risk of future incidents.
– Serves as an internal information security expert to the client, advising the organization with current information about information security technologies, new security threats or issues related to the enterprise network environment.
– Monitor multiple security alert sources, eliminate false positives, based on impact and nature of the Security Incident triage significant security events and escalate according to the established procedures.
– Initiates action to remediate any discoveries that pose a threat to the environment.
– Malware Analysis: Analyse, evaluate, and document malicious code behaviour. Analysis will include static and dynamic analysis using industry standard tools and techniques, identifying exploit methods and targeted vulnerabilities where applicable.
– Participate in all the phases of security incident response process, including detection, containment, eradication, and post-incident reporting.
– Responsible for management of networking security and monitoring tools.
– Demonstrate capabilities and techniques that can be used to mitigate Cyber-attacks and threats.
– Demonstrate the capability to utilize the Security Tools to investigate and correlate events.
– Maintain a strong awareness of the current threat landscape.
– Create knowledge base articles for handling severity incidents.

Key Responsibilities:
– Supervise monitoring of security events and alerts received from MSSP / security tools / Service Desks.
– Configuring and creating the correlation rules and managing Splunk/QRADAR/Arc Sight SIEM environments.
– Threat hunting
– Provides on-call security support for the company.
– Manage end user reported incidents.
– Responsible for the second line of security incident response
– Proactively hunting for suspicious activity based on anomalous activity.
– Serve as the technical escalation point for MSSP
– Report potential and actual security violations and provide recommendations.
– Communicate directly with end users and asset owners.
– Perform in-depth analysis of log files, systems, and network traffic.
– Maintain a strong awareness of the current threat landscape.
– Create knowledge base articles for handling severity incidents.
– Provide incident investigation, handling, and responses to include incident documentation.
– Documents solutions to past incidents and keep track of resolution processes
– Chase for remediation activities to avoid further incidents
– Reports to the head of Global SOC, in Global IT / Global Infrastructure function

– SIEM (Security Information Event Management) monitoring
– IDS/IPS (Intrusion Detection System/Intrusion Prevention System) monitoring
– Experience with Azure Log Analytics and Azure Sentinel
– Hands on experience Splunk/QRADAR/Arc Sight SIEM environments.
– Must have expert networking protocol knowledge
– Prior experience detecting, analysing and/or responding to security incidents
– Hands-on experience with common security technologies (IDS, Firewall, SIEM, etc.)
– Knowledge of Vulnerability Assessment and Network Penetration Testing Process and tools such as Found stone/Qualys Guard/ Nessus
– Excellent attention

All of our opportunities require that applicants are eligible to work in the specified country/location, unless otherwise stated in the job description.