Senior SOC Analyst Level 3

What will your essential responsibilities include

• Take full ownership of incidents escalated by Level 2 analysts.
• Conduct complex investigations and provide advice to L2 SOC analysts.
• Develop customized scripts and procedures to automate repetitive tasks and improve the efficiency of incident response activities.
• Provide expert advice on incident remediation and recovery efforts.
• Develop threat remediation strategies.
• Perform proactive analysis of AXA XLs attack surface and advice on potential threats and attack vectors.
• Review and provide feedback on security control capability gaps based on security intrusion trends.
• Create and refine runbooks/playbooks for all alerts.
• On-board log sources and work on log issues.
• Fine-tune EDR and other tooling to exclude noise and false positives.
• Create and fine-tune content in SIEM - correlation rules, Dashboard and Reports.
• Interact with SIEM, EDR and other SOC tooling vendors (TAC Support) to remediate any issues with tooling.
• Monitor API threat detection, reporting and containments.
• Demonstrate experience in conducting digital forensics investigations relating to incident detection and response.
• Responsible for making decisions and identifying required actions. During high-severity security incidents, you will advise the AXA XL Head of SOC, CISO and CSO on appropriate containment, eradication, and remediation measures.
• Provide an after-hours point of escalation for critical incidents.
• Define the operational roadmap and key metrics for incident detection and response.
• Collaborate with internal stakeholders to align on and implement security incident detection and response processes.
• Develop SOC security incident policies and investigation procedures, for use across multiple information systems and teams.
• Conduct compliance monitoring and perform SOC/SIEM security control testing.
• Analyze, define, and manage the delivery of new SIEM rules.
• Conduct use case testing and modify or create as and when required.
• Create new custom detection rules using KQL.
• Design and implement SIEM and EDR enhancements and configurations.
• Manage and represent the Security Operations team on ethical hack exercises. You will report to the Head of SOC.

Required Skills and Abilities:

• Good knowledge of Microsoft Defender and Microsoft Sentinel, including developing complex KQL queries.
• Experience in performing digital forensics investigations.
• Experience in developing scripts (Python, Powershell, etc.) quickly in reaction to incidents.
• Demonstrate experience of good knowledge in information security principles applied to architecture, networks & systems, digital forensics, security risk assessments and software development).
• Good knowledge and understanding of technologies utilized in cyber security (SIEM, SOAR, Firewalls, IAM, IDS/IPS, Anti-malware, End Point Protection, Database Security, Threat management/intelligence).
• Actionable knowledge of MITRE ATT&CK framework.
• Effective knowledge of exploitable vulnerabilities and remediation techniques.
• Experience in automating manual processes for responding to security incidents.
• Experience in threat intelligence and CERT/CSIRT activities.
• Knowledge of current threat actor techniques.
• Understanding of threat landscapes and threat modelling, security threat and vulnerability management, and security monitoring.
• Awareness of tools and techniques used by attackers to enter corporate networks, including common IT system flaws and vulnerabilities.

Desired Skills and Abilities:

• Excellent troubleshooting and critical thinking skills.
• Experience in SOC documentation development.
• Demonstrated experience in communicating complex security concepts, both verbally and in writing, to a variety of audiences.
• Must take ownership of tasks and demonstrate a high degree of autonomy to ensure completion.
• Must be personable and foster good stakeholder and peer group working relationships.
• Certifications such as CISSP, GIAC, CEH or other.