Tier I SOC Analyst

Job Description

<p>Tier I SOC Analyst - Job Description </p><p><br></p><p><b>Summary/Objective</b> </p><p><br></p><p>Established in 2006, CyberClan’s carefully selected team of experts are capable of solving complex cyber security challenges – keeping data secure and businesses running as usual. CyberClan’s Global Incident Response Teams are available 24/7/365 to leap into action, responding to all cyber attacks with proven defensive methodology, we quickly identify, contain, eradicate and recover from a cyber attack. Our goal is to get businesses fully operational as quickly as possible and to further prevent any downtown or impact to the business operations. </p><p><br></p><p>Our SOC Analysts are our front line of cyber defence: monitoring & assessing cases, mitigating & defending against malicious cyber activity & adapting to an ever-changing threat landscape. Operating as a triage specialist responsible for the monitoring management and configuration of relevant security tools, containing and remediate attacks, as well as preventing intrusion and unauthorized access to critical data and devices.</p><p><br></p><p>This role requires willingness to work shifts (including unsociable hours and bank holidays where these fall into your shift pattern) as part of a 24x7 team.</p><p><br></p><p>Principal Duties and Responsibilities</p><p><br></p><ul><li>Monitor and identify cyber security threats as well as SIEM alerts that pose a risk, or have the potential to pose a risk, to the client.</li><li>Triage alerts & alarms across a broad range of security controls as they come into the SOC & assess urgency to escalate to Tier 2 as appropriate.</li><li>Ensure investigation steps are clearly documented & accurately escalated to Tier 2 when needed.</li><li>Provide Tier 1 case resolution for basic security cases including generating initial reporting, providing follow-ups & requesting information & resolution activity.</li><li>Responsible for providing communication directly with CyberClans’ customers regarding security incidents, where threats appear & other related topics.</li><li>Responsible for producing & maintaining documentation relevant to both the SOC & position.</li><li>Responsible for updating & offering continual improvement to the knowledge base.</li><li>Work with the CyberClan global team when responding to security incidents.</li><li>Support the SOC team research global security events, issues & trends to produce security advisories for customers based on findings.</li><li>Responsible for managing & configuring security monitoring tools.</li><li>Investigating intrusion attempts & performing in-depth exploit analysis.</li><li>Conducting cyber threat research & analysis for purposes of improving the strength of network security.</li><li>Assist with defining, testing & operating new ways of working with new technology solutions or processes supplied to the SOC team.</li><li>Provide analytical feedback on client network traffic patterns related to malware & other network threats.</li><li>Accept, manage & update service requests & incidents to ensure contracted Service Level Agreements are met.</li><li>Continuously develop both technical and personal skills required within the role and assist with development of other staff.</li><li>Proactively support business KPIs.</li><li>Understand & comply with all Information Security & company policies.</li><li>Interact with strategic incident response & threat intelligence vendors.</li><li>To undertake other responsibilities, training & tasks as reasonably requested by line management.</li><li>Undertake periodic assurance reviews & produce associated reporting as required.</li><li>Participate in CyberClan internal security awareness initiatives & other training requests</li></ul><p><br></p><p>Personal Specifications:</p><p>Qualifications:</p><ul><li>Minimum of a bachelor's degree in a relevant field (e.g., Computer Science, Information Technology, Cybersecurity) or equivalent work experience.</li><li>Security+ certification or equivalent (e.g., CompTIA CySA+, GSEC)</li><li>ITIL Foundation</li></ul><p><br></p><p>Skills, Knowledge and Experience:</p><ul><li>Knowledge and experience of SOC tooling to identify threats.</li><li>Experience of collaboration tools</li><li>Keen analytical mind and approach</li><li>Previous experience of SOC analysis beneficial</li><li>Proactively shares own expertise with others</li><li>Knowledge and experience of IT systems, networking and security threat landscape including:</li><li>Network fundamentals for example OSI stack, TCP/IP, DNS. HTTPS, firewall logs</li><li>Cloud technologies (AWS, Google Cloud, Azure)</li><li>Active Directory, Group Policies, PowerShell</li><li>Endpoint protection applications (Antivirus, Web Filtering, ATP, Encryption)</li><li>IDP/IPS Systems</li><li>SIEM tools</li><li>SOAR is an added advantage</li><li>Knowledge of malware capabilities, attack vectors and impact.</li></ul><p><br></p><p>Personal Qualities:</p><ul><li>Excellent interpersonal & customer service skills</li><li>Ability to communicate technical information to non-technical stakeholders</li><li>Genuine enthusiasm and drive to work within cyber security</li><li>Good written skills to write explanations of systems, regulations and or procedures</li><li>Ability to identify and suggest continual improvement</li><li>Good analytical and problem-solving skills</li><li>Ability to adapt to organisational change, work unsupervised & under pressure</li><li>Proven ability to manage varied workload</li></ul><p><br></p><p>This role may require a flexible work schedule, including shifts, weekends, and evenings. We strive to provide fair scheduling practices while fostering a collaborative work environment.</p>