L2 SOC Analyst
Acora - IT, Cyber & AI
United Kingdom, Full Time
Job Description
Benefits: Private Medical, Pension, 25 days annual leave, Gym Membership, Cycle to Work Scheme, Employee Assistance Programme
Working Hours: between 0700 and 2200 (rotating shifts)
What to wear: Smart casual
The Role
The L2 Analyst is responsible for proactively monitoring and triaging operational alerts, ensuring timely investigation and resolution of incidents, and maintaining service stability. Acting as an L2 analyst, the role provides day-to-day operational oversight, coordinates analyst activities, and serves as the escalation point for complex issues.
Role Responsibilities
- Proactive monitoring of and response to known and/or emerging threats against the network.
- Gathering information about high-value assets, threat landscape, and breach exposure from a wide array of sources.
- Conducting detailed and comprehensive investigation and triage on a wide variety of security events, and implementing remediation processes.
- Be comfortable with overseeing shift operations including managing analyst breaks and handling escalations.
- Perform complex data analysis in support of security event management.
- Participation in Incident Response, including root cause and lessons learned.
- Collaborate with Level 3 analysts, incident responders, engineering team, and customer's security teams to coordinate incident response and remediation efforts.
- Identify opportunities to improve processes and/or tools to ensure the highest level of quality, including documentation and training sessions.
- Mentor and support junior analysts
- Participate in shifts, on-call and after hours support of incident management.
- Manage Shift resources and activities, supervising, monitoring, mentoring and acting as escalation point for L1s, driving shift metrics and managing shift handovers.
- Performing binary analysis on suspicious files.
- Participation in the development of new SIEM rules and analytics.
- Conduct security research and intelligence gathering with regard to emerging threats and exploits.
- Participate in Customer projects
- Complete monthly reports and handle monthly client meetings
Skills, Knowledge & Experience
- Security/Network operations or engineering
- Administration on Unix, Linux, or Windows
- Proven experience with common security operations systems: Intrusion Detection/Prevention Systems (IDS/IPS), Security Information and Event Management (SIEM) systems, anti-virus log collection systems, vulnerability management, etc.
- Demonstrated experience with a wide variety of security logs to detect and resolve security issues.
- Strong problem resolution, judgment and decision making skills
- Proactive and cooperative relationships within own team and with other individuals/groups that interface with the team.
- Familiarity with current legal and regulatory requirements around information security and privacy, including PCI, SOX, HIPAA, etc.
- Experience with security events, including large-scale breaches, is a must; as is the ability to identify themes and trends out of large datasets.
- CISSP, GCIA, or GCIH certification required
- BA/BS in Computer Science, Information Security, or related field or three years of equivalent experience
The Interview Process
☎️ Screening call: Phone call with our recruitment team to assess your suitability for the role, and also whether the role is right for you
Posted April 17, 2026