Bristol
Security
Competitive

About The Role

Claranet Cyber Security is a world class business unit within Claranet, designed to give customers access to market-leading information security services spanning; training, consulting, and managed services.

Claranet is a dynamic company in the corporate IT sector that is growing both organically and through acquisition.  Claranet’s strategy is to build long-term, trusted relationships with its customers by delivering market-leading, integrated managed services.

This is a great opportunity for a SOC Analyst ideally experienced in AlienVault already in an Analyst or Consultant role and/or with demonstrable SIEM experience, to support the SOC services for a global technology company.

The SOC Analyst is responsible for the security analysis, incident classification and incident response actions including notification and alerting. Monitors for possible security incidents, using knowledge of attack types and standard protocol behavior to classify incidents, comment, and provide advice on mitigation or remedial actions to the client.

Analyse, triage and respond to security events, alarms and escalations, acting as the 1st line security event analyst monitoring the Security Information and Event Management (SIEM) system. Providing an initial analysis of event data and network traffic, making security event determinations on alarm severity, escalation, and response routing.

Tier 1 Definition:

Reviews the latest alerts to determine relevancy and urgency. Creates new trouble tickets for alerts that signal an incident and require Tier 2 / Incident Response review. Runs vulnerability scans and reviews vulnerability assessment reports. Manages and configures security monitoring tools (netflows, IDS, correlation rules, etc.).

Tier 2 Definition:

Reviews trouble tickets generated by Tier 1 Analyst(s). Leverages emerging threat intelligence (IOCs, updated rules, etc.) to identify affected systems and the scope of the attack. Reviews and collects asset data (configs, running processes, etc.) on these systems for further investigation. Determines and directs remediation and recovery efforts

Essential duties & responsibilities

  • Responsible for working in a 24x7 Security Operation Center (SOC) environment
  •  Provide analysis and trending of security log data from a large number of heterogeneous security devices.
  • Provide Incident Response (IR) support when analysis confirms actionable incident.
  • Provide threat and vulnerability analysis as well as security advisory services
  • Analyze and respond to previously undisclosed software and hardware vulnerabilities
  • Investigate, document, and report on information security issues and emerging trends.
  • Coordinate with Intel analysts on open source activities impacting SLTT governments.
  • Integrate and share information with other analysts and other teams
  • Other duties as assigned
  • Recommend changes to enhance systems security and prevent unauthorized access client systems.
  • Conduct research and assessments of security events, providing analysis of firewall, IDS, anti-virus and other network sensor produced events, to feed in to SOC reporting activities and improvements.
  • Monitor threat & vulnerability news services for any relevant information that may impact installed infrastructure. Analyse reports to understand threat campaign techniques, lateral movements and extract indicators of compromise.
  • Participate in compliance/vulnerability assessment scanning, and develop mitigation and remediation plans from the assessment findings
  • Document information security operations policies, processes and procedures. Create and update security event investigation notes on open incidents and maintain case data in the incident response management platform.
  • Provide input, as requested, for Security, Risk, Compliance and Service reporting.

About You

Essential

  •  Bachelor's degree in a related field or equivalent demonstrated experience and knowledge
  •  1-3 years' experience as a Security/Network Administrator or equivalent knowledge
  • Knowledge of various security methodologies and processes, and technical security solutions (firewall, SIEM and intrusion detection/prevention systems, vulnerability scanners, etc.)
  • Knowledge of TCP/IP Protocols, network analysis, and network/security applications; and a good background with network troubleshooting and technologies; Firewall configuration, monitoring, network packet capture (tcpdump/wireshark), etc.
  • Excellent understanding of commonly used Internet protocols such as SMTP, HTTP, and DNS
  • Ability to multi-task, prioritize, and manage time effectively
  • Strong attention to detail
  • Excellent interpersonal skills and professional demeanour
  • Excellent verbal and written communication skills
  • Excellent customer service skills
  • Proficient in Microsoft Office Applications
  • Candidate must be eligible to obtain Security Clearance

In addition, the following are highly desirable:

  • SANS Certification
  • CREST Certification
  • Cyber Security Training Certifications
  • Understanding of performing 1st level analysis and interpretation of information from SOC systems; incident identification/analysis, escalation procedures, and reduction of false-positives.
  • Knowledge of multiple operating systems and applicable system administration skills
  • An understanding of threat analysis, threat hunting and intelligence feeds

About Us

Claranet combine pioneering technologies, practices, and expertise to propel our customers ambitions. Through a vibrant customer centric culture of collaboration, learning, and opportunity, we nurture a dynamic community of the best technology and service expertise spanning cloud, cybersecurity, networks, and unified communications. 

Founded in 1996, Claranet has evolved into a multi-disciplinary technology services provider with global reach. The company has annualised revenues of circa £350 million, over 6,500 customers, and more than 2,000 employees in nine countries. In the UK we have over 500 staff working in London, Gloucester, Warrington, Bristol, and Leeds, or as homeworkers.  

Claranet consistently appears in The Sunday Times Top Track 250 as one of the fastest growing privately-owned businesses in the UK. Our international success is driven by local service, out of local offices, using a mixture of local and international infrastructure, including hyperscaler clouds.

Other jobs like this

    Similar

    SOC Analyst

    Bristol
    Security
    Competitive
    Hybrid Cloud
    Competitive plus benefits
    UK/Remote
    Hybrid Cloud
    Competitive