91±¬ÁÏ

Principal Duties/Responsibilities
?

• Investigate alerts, security incidents and seeking out potential security issues through log analysis, and use of tools such as SIEM, UEBA, EDR, etc.?
• Ensure that there is a timely response to any cyber incidents to minimise the impact to the business, including interacting with different technical teams and business areas where needed.?
• Primary escalation point for complex incidents to conduct investigation, and initiate containment actions required.?
• Escalate high priority or high severity alerts/incidents to escalations team according to the prescribed process.?
• Safely acquire and preserve the integrity of cyber security data required for incident analysis to help determine the technical/operational impact, root cause(s), scope, and nature of incidents.
• Escalation point to provide process and/or technical advice for Level 1 analysts.
• Manages shift workload to make sure they are assigned and handled according to KPI targets.?
• Prepare and send the end of shift report to Leadership team.?
• Document, attend and lead the handover call to ensure updates, unassigned tickets, tasks, and incident investigation that needs to be continued by next shift will be communicated.?
• Perform quality audit for tickets that were handled by Level 1s to ensure incidents were handled according to prescribed processes.?
• Recommend alert/s for tuning to minimize false positives and improve the businesses¡¯ security posture against attackers and threats.
• Regularly contribute to the SOC playbooks and knowledgebase with findings from investigations such as different attacker tools, tactics, and procedures which can be applied to future investigations.?
• Help deliver training to mature skills of new joiners or colleagues.

What you will need:

• You will be working as part of a 24/7 SOC across different locations and therefore you must be a true team player, with the ability and desire to engage with different internal stakeholders and colleagues to deliver the very highest standards of service and support.?
• 4 - 7 Years¡¯ Experience working as part of a mature cyber defence centre or security operations centre.?
• To be effective, you need to have great troubleshooting skills, the ability to research problems and the ability to effectively communicate during stressful times, while keeping a cool, calm, and friendly approach when dealing with stakeholders and colleagues.
• Solid time management skills and be dependable.?
• Hands on experience of using a SIEM, UEBA, and EDR as a Level 2 security analyst.?
• Leading Investigations and comfortable talking to stakeholders and colleagues on both a technical and non-technical level
• Great verbal and written communication skills, and the ability to write reports in a structured methodology.?
• BSc/MSc in a security field or equivalent experience working within a security related function.?
• To be inquisitive, with a strong sense of personal responsibility for learning and self-development.?
• Being able to identify common attack techniques within the context of specific technologies.?
• Working knowledge of networking protocols/technologies (e.g. TCP, IP, HTTP/HTTPS).?
• Working knowledge of Unix, Linux, and Windows operating systems.

Beneficial:?

• Any relevant security certifications (SSCP, OCSP, Security+, CySA+, etc.).?
• Any relevant network certifications (Network +, CCNA, etc.).?
• Knowledge of other key IT fields (such as Web Applications, databases, Active Directory, network security systems such as web proxies, firewalls & data loss protection).?
• Exposure to attack and penetration methods and tools.?
• Working knowledge of scripts, tools, or methodologies to enhance our incident investigation and processes (such as Python, PowerShell, etc.).

91±¬ÁÏ is an Equal Opportunity Employer