Find More Than 10K+
United Kingdom Jobs

Position Summary

This is a great opportunity for a SOC Analyst ideally experienced in AlienVault, SentinelOne or Microsoft Sentinel. The ideal candidate is already in an Analyst or Consultant role and/or with demonstrable SIEM experience, to support the SOC services for a global technology company.

Role Mission

The SOC is responsible for the security analysis, incident classification and incident response actions including notification and alerting. Monitors for possible security incidents, using knowledge of attack types and standard protocol behaviour to classify incidents, comment, and provide advice on mitigation or remedial actions to the client.

Objectives and Key Results

The SOC Analyst is responsible for the security analysis, incident classification and incident response actions including notification and alerting. Monitors for possible security incidents, using knowledge of attack types and standard protocol behaviour to classify incidents, comment, and provide advice on mitigation or remedial actions to the client.

Analyse, triage and respond to security events, alarms and escalations, acting as the 1st line security event analyst monitoring the Security Information and Event Management (SIEM) system. Providing an initial analysis of event data and network traffic, making security event determinations on alarm severity, escalation, and response routing.

Junior Security Analyst Definition:

Junior Analysts will be responsible for the day-to-day Triage of incidents from customer networks, they are required to analyse security incidents and escalate to the Tier 1 analysts or shift leaders as required. The Junior analyst will be given a steep learning path to develop their skills and knowledge in the subject matter of cyber security working towards becoming a Tier 1 analyst. Additional tasks and responsibilities will be delegated from the Tier 1 analysts, Shift Lead, Senior Analyst‘s (Tier 2) or SOC Team Leader.

Tier 1 Definition:

Reviews the latest alerts to determine relevancy and urgency. Creates new trouble tickets for alerts that signal an incident and require Shift Lead / Tier 2 / Incident Response review. Runs vulnerability scans and reviews vulnerability assessment reports. Manages and configures security monitoring tools (netflows, IDS, correlation rules, etc.).

Tier 2 Definition:

Reviews trouble tickets generated by Tier 1 Analyst(s). Leverages emerging threat intelligence (IOCs, updated rules, etc.) to identify affected systems and the scope of the attack. Reviews and collects asset data (configs, running processes, etc.) on these systems for further investigation. Determines and directs remediation and recovery efforts

Essential duties and responsibilities

• Responsible for working in a 24x7 Security Operation Center (SOC) environment
• Provide analysis and trending of security log data from a large number of heterogeneous security devices.
• Provide Incident Response (IR) support when analysis confirms actionable incident.
• Provide threat and vulnerability analysis as well as security advisory services
• Analyze and respond to previously undisclosed software and hardware vulnerabilities
• Investigate, document, and report on information security issues and emerging trends.
• Coordinate with Intel analysts on open source activities impacting SLTT governments.
• Integrate and share information with other analysts and other teams
• Other duties as assigned
• Recommend changes to enhance systems security and prevent unauthorized access client systems.
• Conduct research and assessments of security events, providing analysis of firewall, IDS, anti-virus and other network sensor produced events, to feed in to SOC reporting activities and improvements.
• Monitor threat & vulnerability news services for any relevant information that may impact installed infrastructure. Analyse reports to understand threat campaign techniques, lateral movements and extract indicators of compromise.
• Participate in compliance/vulnerability assessment scanning, and develop mitigation and remediation plans from the assessment findings
• Document information security operations policies, processes and procedures. Create and update security event investigation notes on open incidents and maintain case data in the incident response management platform.
• Provide input, as requested, for Security, Risk, Compliance and Service reporting.

Teams to collaborate with

• Customer Experience and Managed Services – ensure we are consistently providing the best service to our customers, proactively monitoring their needs, and integrating their feedback into our future portfolio and propositions.
• Solutions Architecture – support team with technical expertise to help underpin and translate client need and create a design proposal.
• Finance and Corporate Development – contribute to the budget process for portfolio and propositions development.

Behavioural competencies – organisational and behavioural fit

• Excellent understanding of commonly used Internet protocols such as SMTP, HTTP, and DNS
• Ability to multi-task, prioritize, and manage time effectively
• Strong attention to detail
• Excellent interpersonal skills and professional demeanor
• Excellent verbal and written communication skills
• Excellent customer service skills
• Proficient in Microsoft Office Applications
• Candidate must be eligible to obtain Security Clearance

• Bachelor's degree in a related field or equivalent demonstrated experience and knowledge
• 1-3 years' experience as a Security/Network Administrator or equivalent knowledge
• Knowledge of various security methodologies and processes, and technical security solutions (firewall, SIEM and intrusion detection/prevention systems, vulnerability scanners, etc.)
• Knowledge of TCP/IP Protocols, network analysis, and network/security applications; and a good background with network troubleshooting and technologies; Firewall configuration, monitoring, network packet capture (tcpdump/wireshark), etc.

In addition, the following are highly desirable:

• SANS Certification
• CREST Certification
• Cyber Security Training Certifications
• Understanding of performing 1st level analysis and interpretation of information from SOC systems; incident identification/analysis, escalation procedures, and reduction of false-positives.
• Knowledge of multiple operating systems and applicable system administration skills
• An understanding of threat analysis, threat hunting and intelligence feeds

About Claranet

Founded at the beginning of the dot.com bubble in 1996, our CEO Charles Nasser had a light bulb moment to develop a truly customer-focused IT business. Since then, Claranet has grown from an Internet Service Provider (ISP) in the UK to being one of the leading business modernisation experts, who deliver solutions across 11+ countries.

At Claranet, we’re experienced in implementing progressive technology solutions which help our customers solve their epic business challenges. We’re committed to understanding their problems, delivering answers quickly, and making a lasting impact to their business.

We are agile, focussed and experienced in business modernisation. Our approach helps customers make genuine, significant shifts in their business strategy, to deliver financial savings, boost innovation, and create a resilient business. We continually invest in our people and the latest technologies, so our customers get peace of mind knowing that they have access to the best talent and services.

In the UK we have over 500 staff working in London, Gloucester, Warrington, Bristol, and Leeds, or as homeworkers.

Working For Claranet

Here at Claranet we pride ourselves on going the extra mile for and with our employees (yes, we really mean it). We offer an extensive benefits package that you can tailor to your needs, inclusive of a matching contribution pension scheme, healthcare, insurance, dental, discounted gyms and app supported benefit access.

But what we think makes us different is ‘Team Claranet,’ our dedicated internal part of the business that supports you with matters close to your heart. We proudly support local charities in each of our office locations, support employees with paid charity leave, organise key charity fundraising event per year and have a dedicated committee responsible for supporting employee’s fundraising efforts.

Claranet are one of the 10 founding members of TC4RE (Technology Community for Racial Equality.) Being a part of a group of leading UK technology organisations, we are dedicated to building a more diverse and inclusive workforce. We are also very proud members of Tech Talent Charter, a government supported, industry-led membership group created to address the UK’s tech talent shortage and diversity gap through collective action.

Our Vision

Our vision is to become the most trusted technology solutions partner; renowned for being the best and brightest, having lasting impact with our customers and delivering exceptional returns to our stakeholders.