Tier I SOC Analyst

Tier I SOC Analyst - Job Description

Summary/Objective

Established in 2006, CyberClan’s carefully selected team of experts are capable of solving complex cyber security challenges – keeping data secure and businesses running as usual. CyberClan’s Global Incident Response Teams are available 24/7/365 to leap into action, responding to all cyber attacks with proven defensive methodology, we quickly identify, contain, eradicate and recover from a cyber attack. Our goal is to get businesses fully operational as quickly as possible and to further prevent any downtown or impact to the business operations.

Our SOC Analysts are our front line of cyber defence: monitoring & assessing cases, mitigating & defending against malicious cyber activity & adapting to an ever-changing threat landscape. Operating as a triage specialist responsible for the monitoring management and configuration of relevant security tools, containing and remediate attacks, as well as preventing intrusion and unauthorized access to critical data and devices.

This role requires willingness to work shifts (including unsociable hours and bank holidays where these fall into your shift pattern) as part of a 24x7 team.

Principal Duties and Responsibilities

• Monitor and identify cyber security threats as well as SIEM alerts that pose a risk, or have the potential to pose a risk, to the client.
• Triage alerts & alarms across a broad range of security controls as they come into the SOC & assess urgency to escalate to Tier 2 as appropriate.
• Ensure investigation steps are clearly documented & accurately escalated to Tier 2 when needed.
• Provide Tier 1 case resolution for basic security cases including generating initial reporting, providing follow-ups & requesting information & resolution activity.
• Responsible for providing communication directly with CyberClans’ customers regarding security incidents, where threats appear & other related topics.
• Responsible for producing & maintaining documentation relevant to both the SOC & position.
• Responsible for updating & offering continual improvement to the knowledge base.
• Work with the CyberClan global team when responding to security incidents.
• Support the SOC team research global security events, issues & trends to produce security advisories for customers based on findings.
• Responsible for managing & configuring security monitoring tools.
• Investigating intrusion attempts & performing in-depth exploit analysis.
• Conducting cyber threat research & analysis for purposes of improving the strength of network security.
• Assist with defining, testing & operating new ways of working with new technology solutions or processes supplied to the SOC team.
• Provide analytical feedback on client network traffic patterns related to malware & other network threats.
• Accept, manage & update service requests & incidents to ensure contracted Service Level Agreements are met.
• Continuously develop both technical and personal skills required within the role and assist with development of other staff.
• Proactively support business KPIs.
• Understand & comply with all Information Security & company policies.
• Interact with strategic incident response & threat intelligence vendors.
• To undertake other responsibilities, training & tasks as reasonably requested by line management.
• Undertake periodic assurance reviews & produce associated reporting as required.
• Participate in CyberClan internal security awareness initiatives & other training requests

Personal Specifications:

Qualifications:

• Minimum of a bachelor's degree in a relevant field (e.g., Computer Science, Information Technology, Cybersecurity) or equivalent work experience.
• Security+ certification or equivalent (e.g., CompTIA CySA+, GSEC)
• ITIL Foundation

Skills, Knowledge and Experience:

• Knowledge and experience of SOC tooling to identify threats.
• Experience of collaboration tools
• Keen analytical mind and approach
• Previous experience of SOC analysis beneficial
• Proactively shares own expertise with others
• Knowledge and experience of IT systems, networking and security threat landscape including:
• Network fundamentals for example OSI stack, TCP/IP, DNS. HTTPS, firewall logs
• Cloud technologies (AWS, Google Cloud, Azure)
• Active Directory, Group Policies, PowerShell
• Endpoint protection applications (Antivirus, Web Filtering, ATP, Encryption)
• IDP/IPS Systems
• SIEM tools
• SOAR is an added advantage
• Knowledge of malware capabilities, attack vectors and impact.

Personal Qualities:

• Excellent interpersonal & customer service skills
• Ability to communicate technical information to non-technical stakeholders
• Genuine enthusiasm and drive to work within cyber security
• Good written skills to write explanations of systems, regulations and or procedures
• Ability to identify and suggest continual improvement
• Good analytical and problem-solving skills
• Ability to adapt to organisational change, work unsupervised & under pressure
• Proven ability to manage varied workload

This role may require a flexible work schedule, including shifts, weekends, and evenings. We strive to provide fair scheduling practices while fostering a collaborative work environment.