Job Title: L3 SOC Analyst
Location: London (hybrid)
Salary: £61,300 - £71,300
Benefits: to be discussed
DWH Recruitment is representing a global accounting and business advisory firm in search for a L3 SOC Analyst to join their Digital Risk Advisory Services.
They're a dynamic team of internal auditors, accountants, technology, and business transformation experts with disciplines in finance, risk, projects and change, cyber and digital, amongst others.
The team helps clients manage their business-critical threats, such as cyber events, and build resilient businesses capable of responding to internal and external events which may interrupt their operations.
Their Digital Advisory business has been experiencing double digit growth consistently for the past three years.
This role involves supporting the delivery of managed detection and response (MDR) services through our client's Digital's global 24/7 MDR capability.
Responsibilities
- Respond to alerts raised by L1/L2 analysts, as the technical escalation point
- QA of investigations and notification and direct L1/L2 accordingly
- Perform detailed analysis and undertake an in-depth investigation into potential and confirmed security incidents
- Raise incidents where necessary and supporting the SOC manager throughout true positive incidents
- Conduct threat hunting across client environments
- Conduct investigations in support of incidents or key client requests
- Review and action alerts flagged as tuning candidates
- Lead the overall technical delivery of new SOC/MDR projects, being onboarded into the service.
- Respond to SOC/MDR client’s requests, concerns and suggestions
- On-board log sources and work on any potential log issues.
- Fine-tune the SIEM/EDR platforms to exclude noise and false positives
- Analyse, define and manage the delivery of new monitoring rules
- Conduct use case testing and modify/create as and when required
- Support UK operations manager in client engagements and/or service meetings
- Support and develop new SOC playbooks and processes
- Conduct presentations and updates to the client
- Respond to incident escalations and provide solid recommendations
- Conduct threat hunting exercises on SIEM and EDR platforms
- Develop and improve processes for monitoring and incident qualification
Requirements:
Essential:
- +5 years’ experience as a SOC Analyst
- Experience onboarding, tuning, reporting and configuring SIEM solutions
- In-depth experience with Microsoft Sentinel, including use case and rule development, workbook/playbook creation, KQL, logic apps/SOAR.
- Understanding of low-level concepts including operating systems and networking.
- Understanding of one or more system administration (Linux, Windows, Mac)
- Actionable knowledge of MITRE ATT&CK framework.
- Excellent interpersonal skills with the ability to explain technical problems to non-technical business stakeholders at all levels
- Training and coaching skills to support more junior team members
Qualifications
- Experience with various Microsoft technologies, including Microsoft Defender for Endpoint, Identity and Cloud.
- Related Microsoft Certifications (SC-200, AZ-900)
- Cyber Security Certifications such as CISSP, Security+, CySA +
