This role will support the Tier 2 & Tier 3 Security Analysts in developing SOC & SOAR functions within Kocho, working closely with other teams as required to build services and solutions in accordance with both security good practice and client assurance requirements, including (but not limited to) Cyber Essentials and ISO27001.
The primary purpose of the Tier 1 Security Analyst roles is to complete all operational SOC and SOAR activities as defined or advised by the Tier 3 Security Analyst and Head of Security Operations. The successful candidate will be responsible for contributing to the efficient and effective day to day running of the SOC considering people, processes and technology, ensuring that all client SLAs are met and acceptable client satisfaction scores are achieved and maintained.
You will be required to assist with support activities, working with members of the Security Operations team to ensure all SOC & SOAR operational tasks are completed on time and work tickets updated / closed with satisfactory technical details included, and where appropriate escalate suspicious / malicious events to senior team members and Kocho or client incident response personnel in order to identify, contain and remediate active threats. You will also be required to maintain operational documentation, as necessary.
Tier 1 Security Analysts will be comfortable engaging at both technical and non-technical levels, participating as required in technical workshops. You will be working in an incredibly passionate environment, with great people in which you can actively contribute to develop and deliver our SOC & SOAR capability.
Key responsibilities of the role
Strategy and Leadership:
- Tier 1 Security Analysts capable of maintaining performance within the Security Operations function.
- Provide information and support contribution on security matters as an Analyst within the Security Operations team.
- Participate in Kocho technical workshops and networking events.
- Ability to understand and support the provision of Kocho security offerings such as Cyber Essentials, ISO27001 consultancy.
- Ability to support the provision of appropriate and proportionate assurance relating to Security Operations managed services.
- Ability to communicate in both technical and non-technical terms, tailoring approach to the audience.
- Self-motivated learner of technologies and methodologies to support best practice.
- Actively contributing to knowledge sharing across the business.
- Gather information to contribute towards major incident handling within the SOC, and where applicable for clients
- Undertake monitoring activities
- Provide “hands on” resource, working to ensure Kocho objectives and client SLA targets are achieved.
- Provide input and assistance for stakeholder communication.
- Assist with the implementation of improvements as part of on-going service enhancement or “lessons learned” following incident investigation (cause and affect).
- Assist in the review of incident closures, post incident reports and act upon improvements identified
- Contribute to team development through knowledge sharing, briefing and production of guides, incident scenarios and playbooks.
- Maintain currency in relation to security concepts, tools and best practices
- Willingness to work on-call or shifts (including unsociable hours and bank holidays) as part of 24x7 team working
- Ability to work effectively with internal systems such as Kimble, Teams, SharePoint and Office365.
- Effective personal resource and time management with a commercial approach to work.
- Working remotely, on client site or other; applying an agile approach to business and client needs.
Delivery and KPIs:
- Contribute to the full lifecycle of client solutions and service offerings, from proposition through to delivery and support.
- Communicate technical solutions in a clear, and concise approach for a variety of audiences from both a technical and business background.
- Contribute to well written and professional documentation, performance and client reports.
- Assist the Tier 2 & 3 Security Analysts and Head of Security Operations in development of new service offerings, procedures, techniques, and policies.
- Promoting and practicing high quality outcomes across all aspects of work.
Skills and experienceEssential
- Demonstrable experience of operating within a security operations function.
- Strong IT Security knowledge, understanding the balance of business objectives and information security.
- A technical understanding of the security components and their impact.
- Good working knowledge of multiple SOC tooling including SIEM / SOAR
- Good understanding of network methodologies and OSI Model layers.
- Good understanding of network technologies, Routers, Switches, Firewalls, ID/IPS, WAF & Proxy’s etc.
- Experience of working at technical levels within a SOC service.
- Demonstrable ability to troubleshoot and fault find technical issues.
- Knowledge of Cyber Essentials and ISO27001:2013 standards
- Good communication and report writing skills.
- Knowledge of Backup and Disaster Recovery methodologies.
- Knowledge of Risk Assessment methodologies.
- Knowledge of Business Continuity methodologies.
- Experience in supporting and assisting a Senior Incident Responder.
- PCI DSS V3 knowledge would be advantageous.
- Experience with or understanding of Microsoft’s security stack, technologies - Microsoft Sentinel, Microsoft Defender suite etc. Microsoft Azure
- Experience with or understanding IT Infrastructure - Windows / Linux Servers, Firewalls etc
Education & qualifications
- ITIL V3
- CompTIA Security (or equivalent)
- CompTIA Network (or equivalent)
- EC SOC Analyst or equivalent