SOC
Analyst

• Understanding of common internet protocols (e.g. TCP/IP, DNS, HTTP, TLS)

• Knowledge of common web application security vulnerabilities

• Ability to analyze intercepted HTTP requests and identify basic security issues

• Familiarity with public cloud environments (e.g. AWS, Azure and GCP)

• Familiarity and demonstrated understanding of the Cyber Kill Chain and/or MITRE ATT&CK Framework

• Understanding and experience working with SIEM and Vulnerability management tools

• Proficiency with common penetration testing tools (e.g. Burp Suite, Kali Linux, Metasploit)

• Strong understanding of Windows, UNIX, and Linux Operating Systems

• Formal training and certification in an IT security related area, OSCP, SANS, CompTIA is desired but not essential

The role requires strong written communication skills for reporting on test findings and liaising with clients on validated exposures. The ability to manage time effectively is essential as testing engagements are typically delivered within a set timeframe and our CST service provides service level agreements for

validating detected security exposures. The most important requirement however is a passion for learning about how systems are compromised, and security exploits are developed.

• We monitor our clients systems both internally and externally to ensure we provide proactive response to potential security issues and detect any threats that have breached security controls.

• A best of breed cloud-based SIEM is used to ingest and analyze events from client environments, in which we use our cloud security knowledge in conjunction with the MITRE ATT&CK Cloud Matrix to detect attacks from highly skilled adversaries. In this roll you will respond to alerts within our established SLAs and investigate complex attack chains to ensure breaches are rapidly discovered and contained.

• Our attack surface management service includes hourly reconnaissance and exposure testing across our client internet attack surface. Using penetration testing techniques, you will also review new endpoints discovered by our platform and validate any security exposures as soon as they are detected.

• Your average day will include the following activities:

• Investigation and response to client SIEM alerts - Ownership through to resolution of managed SIEM alert - Liaison with clients to provide updates on investigation status - Incident closure once appropriate action has been taken - Tuning of client SIEM rules to reduce false positive rate

• Monitoring of client digital attack surface exposures - Ownership through to resolution of customer impacting exposures - Liaison with clients to provide updates on exposure status - Escalation to senior resources for complex exposures - Closure of exposures once appropriate action has been taken - Review of new assets discovered by the attack surface management platform

• Client report writing - Issuing of periodic cyber security reports for managed service clients

• Managed security service projects - Onboarding of new clients to managed services platforms - Integration of new log sources for existing managed SIEM clients - Development of managed incident response playbooks - Other cyber security project work as required