Senior Security Operations Analyst

**Your opportunity**

The Senior Security Operations Analyst, is a hands-on role that manages our MSSP Security Operations Centre (SOC), progresses cybersecurity incidents as they occur and manages our vulnerability management service. Other Security Operations services will be added to this service as it evolves. You will work with our wider Security domain (18-20 people) within an organisation that houses 800 people, 250+ within tech.

**What you'll be doing**
- Work as a senior member of the team to support the SOC to deliver effective services
- Working with our SOC, identify and respond to cyber security threats and incidents
- Working with our Security Engineering function refine our toolsets and configuration
- Proactively search for those threats not easily detected by existing use cases
- Define monitoring use cases and develop prototype rules eg in response to intelligence or gaps in defences
- Participate and in some cases, lead incident response activity eg taking active actions to help contain threats, facilitating forensics analysis when necessary and progression of an incident
- Participates in the incident response out of hours roster
- Support the creation, modification and operation of playbook / runbook tasks to ensure investigation and remediation tasks deliver end to end security operations delivery
- Pen testing plan development and delivery with a Managed Service provider
- Cyber Threat Intelligence: Identify potential threats, delivering strategic reports and changes eg use case updates to minimise the impact of the threat.
- Periodically publish and present Threat Bulletins to the business
- Support the creation and testing of business continuity/disaster recovery plans
- Works with the MSSP and their Security Information and Event Management (SIEM)engineering team to manage/tune the system, create/manage the detection content and actively watch for alerts
- Works with all IT teams to manage new service introductions, changes and decommissions to ensure the SOC is monitoring the current environment/attack surface
- Creation of reports, dashboards, metrics for Security Operations and presentation to stakeholders
- Support compliance to SLA, process adherence and process improvisation to achieve operational objectivesProgress work requests that will be raised for the team to fulfil

**What you'll bring**
- Strong experience in working within a Security Operations service with or within a Hybrid SOC Supplier in either a current or previous role
- Experience working with Information and Cyber security, IT audit, Privacy, Enterprise Risk management teams on risk management end to end
- Risk aware and strong customer service ethic
- In-depth knowledge of security concepts such as cyber-attacks and techniques, Threat Vectors, Controls/Compliance, Risk Management and Incident ResponseIn-depth experience with SIEM, EDR, SOAR and SOC Automation development
- Experience working within a DevOps environment and methods
- Service Management experience e.g. working with front line service delivery teams, IT Operations and service targets
- Ideally, strong experience setting up and managing a Vulnerability Management service from scanning to risk management
- Strong experience with regulatory compliance and information security management frameworks (such as International Organisation for Standardisation [IS0] 27001/2, COBIT, National Institute of Standards and Technology [NIST] 800 and Payment Card Industry Data security Standard v3.2.1
- Strong working knowledge of cloud based services, virtualised environments and various Operating Systems, Strong Authentication, End Point Security, Internet Policy Enforcement, Firewalls, Web Content Filtering, cryptography, Data Loss Prevention (DLP), coding practices, Identity and Access Management (IAM)
- Ideal qualifications, whilst not essential: CISSP, CISM, CISA, CEH, SANS GIAC/GCIH