SENIOR ASSOCIATE (SOC Lead Engineer), London UK (Hybrid)
WHO WE ARE
S-RM is a global intelligence and cyber security consultancy. Since 2005, we’ve helped some of the most demanding clients in the world solve some of their toughest information security challenges.
We’ve been able to do this because of our outstanding people. We’re committed to developing sharp, curious, driven individuals who want to think critically, solve complex problems, and achieve success.
But we also know that work isn’t everything. It’s about the lives and careers it helps us build. We’re immensely proud of this culture and we invest in our people’s wellbeing, learning, and ideas every day.
We’re excited you’re thinking about joining us.
WORKING IN CYBER AT S-RM
Our Cyber Security division is the fastest-growing part of S-RM. The cyber sector is always evolving, and our Advisory, Ethical Hacking, and Incident Response practices are in more demand than ever.
We’re building a team to meet this challenge. We’re quick to respond, innovate, and improve. We don’t get too hung up on hierarchy or bureaucracy. If your ideas are good enough, we’ll empower you to implement them. If you’re the best person to talk to a customer, you’ll get that opportunity, regardless of the title in your email signature. And when you need a hand, your team will always have your back.
We also don’t believe there’s a typical cyber security professional. We’ve built a team of intelligence analysts, technical specialists, software developers, investigators, risk managers, and more. You’ll always find a range of perspectives and expertise to help you learn and grow.
If that sounds like your kind of team, we’d like to hear from you.
THE ROLE
Our Security Operations Centre is a critical part of our Cybersecurity division’s success.
As a Senior Associate (SOC Lead Engineer), you will deploy your cybersecurity expertise in a senior delivery role across our managed detection and response services.
In this role, you will design, implement, and maintain the infrastructure and tools that power our Security Operations Centre (SOC). The ideal candidate will have strong expertise in security platforms such as SIEM, SOAR, EDR, and other advanced security technologies. You will play a critical role in optimising the SOC’s technology stack, automating processes, and ensuring that detection and response capabilities are continuously enhanced. This hybrid role involves both remote work and some in-office presence for collaboration and strategic projects; occasional travel to our overseas SOC locations may also be required.
Delivery
- SOC Engineering Leadership: Be the go-to source of deep technical advice for SOC analysts and managers. Contribute to the technology roadmap and development strategy. Lead the deployment and integration of new security tools and technologies, ensuring seamless integration with existing systems.
- System Implementation: Design, configure, and maintain key security tools such as SIEM and EDR (including SentinelOne and Microsoft Defender for Endpoint), ensuring optimal performance and integration.
- Automation: Develop and implement automation scripts and workflows to improve the efficiency of security monitoring, incident detection, and response processes.
- Detection Tuning: Continuously refine and optimise detection rules, alerts, and thresholds to reduce false positives and enhance the accuracy of threat detection.
- Infrastructure Support: Maintain and troubleshoot SOC infrastructure, ensuring high availability, performance, and scalability.
- Incident Support: Provide technical support during security incidents, assisting the SOC analysts with in-depth log analysis, root cause investigation, and forensics.
- Monitoring and Metrics: Regularly monitor and assess the health of security tools and generate reports on tool performance, incident trends, and overall SOC effectiveness.
- Vendor Relationships: Liaise with vendors to ensure effective support, manage updates, and stay informed of new features or advancements in security technologies.
- Participation in an OOH On-Call Rota: 1 week in every 4.
Growth of the service
- Capability and Service Development: Contribute to and implement the SOC technology roadmap to enhance security monitoring, incident detection, response, and threat hunting capabilities.
- Collaboration: Collaborate with SOC analysts, security engineers, and IT teams to ensure seamless operation of security tools and alignment with broader cybersecurity practices.
- Security Enhancements: Identify areas for improvement in security monitoring and response capabilities, proposing and implementing new solutions where appropriate.
- Threat Intelligence Integration: Work closely with the threat intelligence team to integrate new threat intelligence feeds into detection tools and response processes.
- Technology Management: Work with our technical team on the wider technology roadmap and with vendors to assess new tools and services and stay up to date on the latest capabilities.
- Training and Mentoring Staff: Be a source of advice and knowledge to enhance the technical and professional skills of SOC team members.
- Collaborating with Global Teams: Work closely with other cyber security teams to ensure seamless integration of SOC operations with our broader cybersecurity initiatives and business units, especially Incident Response.
- Contributing to Internal Technical Development Initiatives: When the schedule allows, you will have opportunities to participate in and contribute to internal technical development initiatives, enhancing our tools, processes, and overall incident response capabilities.
WHAT WE’RE LOOKING FOR
Candidates with the following qualifications and experience are likely to succeed in our Managed Services practice at S-RM.
That said, if you don’t think you meet all of the criteria below but still are interested in the job, please apply. Nobody checks every box—we’re looking for candidates that are particularly strong in a few areas and have some interest and capabilities in others.
We nurture a culture of equality, diversity and inclusion and we are dedicated to developing a workforce that displays a variety of talents, experiences and perspectives.
We’re looking for:
- Qualifications: A Bachelor's or Master's degree in a relevant subject, for example cybersecurity or computer science; relevant industry certifications are advantageous, including any of the following: CISSP, CISM, GCFA, GSOC, GREM, GCWN, GCED, CCNA, OSCP, Network+ and Security+.
- Experience: 5+ years of experience in security engineering or a similar technical role within a SOC environment.
- Technical Expertise: Strong expertise in managing and configuring security platforms, including SIEM, SOAR and EDR tools.
- Automation: Experience with security automation, using scripting languages (e.g. Python, PowerShell) to develop custom workflows and integrations.
- System Engineering: Knowledge of infrastructure and network security principles, including system hardening, log management, and forensic tools.
- Approach: An investigative mindset. You should be comfortable solving problems with limited information and guidance.
- Threat intelligence: Some demonstrable knowledge of cyber threat actors, and their tactics, techniques, and procedures.
- Threat Detection: Understanding of security monitoring, threat detection techniques, and the ability to fine-tune detection systems for optimal performance.
- Communication: Clear and concise communication skills, with the ability to work effectively across teams; you should be able to communicate your technical findings to a non-technical audience in a professional setting.
The successful candidate must have permission to work in the UK by the start of their employment.