As a SOC Analyst you will play a crucial role in strengthening the organisation's overall cybersecurity posture. You will be responsible for the monitoring, analysis, and response to security incidents and events.
As an escalation point for R1 analysts, you will provide guidance and mentoring on complex security events, assist in tuning detection capabilities, and contribute to process improvements. Your expertise will also support data assurance, threat hunting, and vulnerability management, ensuring proactive defence against evolving cyber threats.
This role requires strong analytical skills, technical proficiency, and a commitment to continuous learning in a dynamic security environment.
Threat Detection and Monitoring:
- Monitor the SOAR platform for SIEM Logs and bespoke logs from the customer.
- Identify potential threats, vulnerabilities, and indicators of compromise.
- Initiate escalation procedures to counteract potential threats and vulnerabilities.
- Ability to analyze and interpret threat intelligence feeds and implement protective measures accordingly.
Incident Remediation and Documentation:
- Act as an escalation point for R1 analysts, providing technical guidance on complex security incidents.
- Escalate to Team Lead or senior analyst should further clarification or four eyes be required.
- Provide incident remediation and prevention recommendations to customers using established procedures and analyst experience.
- Document and adhere to security monitoring processes.
- Suggest process and procedure improvement based on working requirements to streamline processes.
Customer Service and Escalation:
- Exceed customer expectations by always delivering exceptional customer service.
- Serve as an escalation point for junior and R1 team members, offering assistance and mentorship as needed.
- Contribute to the creation and maintenance of security documentation, including incident response playbooks, standard operating procedures, and knowledge base articles.
Reporting and Continuous Improvement:
- Compile and review service-focused reports for effective communication.
- Contribute to the creation and maintenance of security documentation, including incident response playbooks, standard operating procedures, and knowledge base articles.
- Act as a mentor to junior R1 analysts.
Threat Analysis and Collaboration:
- Contribute practical insights to the analysis of common security incidents.
- Maintain working relationships with the Analytic Development and Security Engineering teams.
- Collaborate with shift partners to provide a high quality of service.
General Duties:
- Perform additional assigned duties as required.
- Flexibility to quickly learn and adapt to new security tools, technologies, and processes.
- Strong analytical and problem-solving skills.
- Good communication skills, both written and verbal.
- Ability to work collaboratively as part of a team.
- Keep up to date with latest emerging threats and APT groups.
- Ability to be a mentor to junior analysts.
Minimum Requirements
Network, Cloud and OS Knowledge:
- Understanding of common network protocols and tools.
- Proficient knowledge of Windows, Linux & MacOS operating systems.
- Understanding of Content Delivery Networks
Customer interaction:
- Experience with documenting both high level and technical customer facing information.
- Confidence providing critical/sensitive information accurately.
- Contacting key stakeholders during major incidents
Incident Analysis and Response:
- Awareness of the MITRE ATT&CK framework
- Pedigree in performing in-depth analysis of security alerts.
- Assess customer impact through investigation and work with senior analysts for resolution.
- Initiate escalation procedure for potential threats
- Ability to interpret threat priority against the cyber kill chain.
- Provide appropriate mitigation and remediation steps.
Desirable Requirements
Tooling
- Hands-on experience with Security Information and Event Management (SIEM) platforms (e.g., Splunk, Sentinel, Swimlane) and their use in aggregating and analysing security event data.
- Knowledge of cloud products and log events such as Azure, Amazon Web Services, Google Cloud Platform.
- Proficiency with network analysis tools (Wireshark) to perform PCAP analysis.
Desirable Certifications
- CompTIA Security+
- CompTIA CySA +
- Security Blue Team Level One
- AWS Cloud Practitioner
- Azure Fundamentals
- MAD20 Att&ck Fundamentals
-
Flexible Working: Balance your work and personal life with our flexible working options.
- Generous Holiday Allowance: Enjoy 25 days of holiday, plus bank holidays, with the option to buy up to 5 additional days of annual leave differs for SOC shift workers, please speak to your TA partner for more information).
- Medicash & Critical Illness Scheme
- Financial & Investment Benefits: Enjoy peace of mind with our Pension, Life Assurance, and Share Save Scheme.
- Community & Volunteering Programmes: Make a difference in your community with our volunteering opportunities.
- Green Car Scheme: Drive green and save money with our eco-friendly car scheme.
- Cycle Scheme: Stay fit and healthy with our cycle-to-work scheme.
- Special Time Off: Take time off for those big moments in life, like getting married/entering into a civil partnership, becoming a grandparent, and welcoming home a new pet.
- Family Planning: Benefit from our generous maternity and paternity leave, as well as time off and support for those undergoing fertility treatments.
We assess, develop and manage cyber threats across our increasingly connected society. We advise global technology, manufacturers, financial institutions, critical national infrastructure providers, retailers and governments on the best way to keep businesses, software and personal data safe.
With our knowledge, experience and global footprint, we are best placed to help businesses identify, assess, mitigate & respond to the risks they face.
We are passionate about making the Internet safer and revolutionising the way in which organisations think about cyber security.
Headquartered in Manchester, UK, with over 35 offices across the world, NCC Group employs more than 2,000 people and is a trusted advisor to 15,000 clients worldwide.
We review every application received and will get in touch if your skills and experience match what we’re looking for. If you don’t hear back from us within 10 days, please don’t be too disappointed – we may keep your CV on our database for any future vacancies and we would encourage you to keep an eye on our career opportunities as there may be other suitable roles.
If you do not want us to retain your details, you can utilise the Manage Your Data tool provided by Pinpoint or contact us directly at:
[email protected]. All personal data is held in accordance with the NCC Group Privacy Notice.
We are committed to diversity and flexibility in the workplace. If you require any reasonable adjustments to support you during the application process, please tell us at any stage.
Please note that this role involves mandatory pre-employment background checks due to the nature of the work NCC Group does. To apply, you must be willing and able to undergo the vetting process.