
Cyber Defence Specialist (SOC) | Contract

15/08/2024
  • 6 Month rolling contract with possible extension, excellent rates
  • Hybrid role with 2/3 days in office.
  • Working on a company wide Security uplift

One of our Enterprise clients is looking to scale up their internal SOC team by adding a Defence Specialist on a contract basis.
 
Security is at the forefront of FY 24/25, with a large amount of funding going into uplifting their Security function throughout the business. This is a great time to be part of a major period of growth. This role will have a large focus on creating a team culture, whilst developing and evolving processes to defend against all threats.
 
You will be working to enhance the cyber intrusion analysis and investigation capabilities of their SOC. You will be involved in the cybersecurity analysis activities to identify, validate, carefully disrupt, and escalate threats before they do damage. This role will require a solid understanding of SIEM technologies and all of their related activities, including detection engineering, data onboarding and the detection lifecycle.
 
The Cybersecurity Specialist will be expected to drive the security detection lifecycle process and the triage playbooks.
 
Key accountabilities of this role

  • Identify, validate and escalate probable security events in the SIEM platform.
  • Drive the process and maintenance of the security detection lifecycle and triage playbooks for all of their detection rules.
  • Work with our SIEM specialists to investigate alerts from the SIEM and tune the rules to minimise false positives/negatives.
  • Contribute as an analyst in their cyber incident response process.
  • Draw on your experience to suggest techniques for containment and remediation of further threats.
  • Provide specialised senior-analyst support and technical assistance on any major issues and incidents to ensure issues are resolved in a timely manner.
  • Analyse intelligence from the threat intelligence platform and feed it into detection.
  • Provide metrics and dashboards to stakeholders.

 
Experience for the role:
 

  • Fundamental understanding of a Security Operations Centre environment.
  • Working experience with any SIEM technology – we use Splunk.
  • Applied knowledge of a SIEM query language – ideally SPL.
  • Understanding of Incident Response processes via frameworks such as NIST or SANS.
  • Understanding of attackers’ TTPs that can be translated into detection logic.
  • Documentation skills, with experience developing cybersecurity playbooks and/or battle cards.
  • Knowledge of the MITRE ATT&CK framework.
  • Cybersecurity certifications are highly regarded but not a requirement.