Disclaimer: Hunt UK Visa Sponsors aggregates job listings from publicly available sources, such as search engines, to assist with your job hunting. We do not claim affiliation with Franklin Fitch. For the most up-to-date job details, please visit the official website by clicking "Apply Now."
Senior SOC Engineer
Salary: £60,000 - £75,000
Location: Basingstoke (2x a month)
An established and expanding MSP is looking for a Senior SOC Analyst to join the team. As a Senior SOC Analyst, you will be at the forefront of monitoring, investigating, and securing our customers' estates through state-of-the-art tooling. This role would suit an experienced SOC Analyst looking to take the next step in their career or a current Senior Security Analyst looking for their next challenge!
Working closely with our analysts and SOC Operations Management, you will have day-to-day responsibility for responding to incidents, ensuring either their swift resolution or escalation if required, and helping to maintain and improve best practice and operational efficiency in everything we do.
Key Responsibilities:
- Drive the development and tuning of security monitoring and detection toolsets; after creation, champion and lead testing and implementation strategies alongside our SOC engineering function to ensure high-fidelity rulesets are continually implemented across our customers' estates.
- Monitor security alerts and incidents using a wide range of security tools and technologies.
- Produce regular reports and updates on customers' security posture.
- Conduct identification, analysis, and qualification of security alerts, escalating internally to Tier 3 and externally to customers where required.
- Participate in SOC improvement projects (tooling, process, increase in SOC coverage).
- Participate in delivering investigation reports, including continual improvement steps to both internal and external stakeholders.
Required technical skills:
- Excellent Knowledge of SIEMs – Focused on day-to-day utilisation, with experience in handling critical and high-severity incidents from initial detection to resolution, including general navigation/engineering and the creation of rulesets & dashboards aligned to the MITRE ATT&CK framework.
- Preferred vendors: Microsoft Sentinel, Google Chronicle (SecOps), Elastic.
- Excellent Knowledge of EDR/XDR – including incident investigation at priority 1 and 2 severity and general day-to-day usage, alongside best-practice configurations for common toolsets.
- Preferred vendors: CrowdStrike, Microsoft, Palo Alto, SentinelOne.
- Good Knowledge of incident response, aligned to MITRE ATT&CK, with a good knowledge of the common tactics, tools and techniques attackers utilise in the wild.
- Good Knowledge of VM (vulnerability management) – including analysis, classification and prioritisation to create tangible and actionable insights.
- Preferred Solutions: Rapid7, Tenable, Vulcan.
- Good Knowledge of CTI (cyber threat intelligence) – including its utilisation within a SOC environment.
- Preferred Solutions: OpenCTI, MISP, TheHive, Recorded Future.