Posted: 5 hours ago | Platform: Foundit

Work Mode: On-site

Job Type: Full Time

Job Description

The Opportunity

As the SOC Analyst Tier 2, you will be responsible for monitoring, detecting, containing, and remediating security incidents utilizing a suite of security software tools. This critical role supports the internal JLR SOC and directs an outsourced tier 1/2 SOC MSSP to deliver robust security operations.

Key Performance Indicators

  • Number of identified vulnerabilities
  • Number of vulnerabilities contained
  • Number of vulnerabilities mitigated
  • Time to detect
  • Time to respond
  • Time to mitigate

Key Responsibilities:

  • Manage a suite of Security Products.
  • Evaluates incidents identified by tier 1 analysts
  • Uses threat intelligence such as updated rules and Indicators of Compromise (IOCs) to pinpoint affected systems and the extent of the attack.
  • Consolidating data from alert triage to provide context necessary to initiate Tier-3 work
  • Conduct security research and intelligence gathering on emerging threats
  • Can offer SME advice to security driven projects.
  • Ability to provide technical and service leadership to T1 analysts
  • Good understanding of ITIL processes, including Change Management, Incident Management and Problem Management.
  • Contribute to Incident Response investigations working with the Incident Response team.
  • Continual development of analysis playbooks and tradecraft
  • Proactively contribute to SOC strategy by refining standards, processes and procedures.
  • Handle incidents across Windows, Mac, and Linux platforms.
  • Develop and improve processes for incident detection and the execution of countermeasures.
  • Actively maintains awareness of developments in the intrusion analysis, incident response and information security fields.
  • Maintaining SecOps documentation.
  • Conduct proactive threat research

Key Interactions

  • External Security Operations Centre (currently TCS)
  • Manufacturing
  • Engineering
  • Data Protection Officer / Legal
  • Business Protection
  • Other IT functions
  • GDPR

Knowledge, Skills and Experience

Essential

  • Experience working within a SOC / NOC environment
  • Experience in handling incident response for large organizations
  • Experience in NextGen EPP and EDR such as SentinelOne
  • Background in Vulnerability Management such as Qualys
  • Customer-oriented, flexible and demonstrated tendency to go above and beyond
  • Ability to communicate efficiently with clients and internal team members at all levels and across functional and organizational boundaries.
  • Comfortable working against deadlines in a fast-paced environment.
  • TCP/IP Networking
  • Familiarity with common IDS/IPS and Firewalls
  • Incident handling/response.
  • Some out of hours work may be required to support incidents and investigations
  • Problem solving skills and ability to work under pressure
  • Engineering experience supporting the following technologies:
      • Tibco logging management.
      • SIEM technologies (Exabeam & LogRhythm)
      • McAfee ePO

Desirable

  • Qualifications:
      • CEH
      • CompTIA CySA+
      • GSEC
      • SSCP
      • CISSP
      • ITIL
  • Experience of network-based User Behaviour Analytics (DarkTrace, ArcSight User Behaviour Analytics etc)
  • Experience of security assessment and penetration testing tools
  • Experience of packet-capture tools and analysis of packet flows

Personal Profile

Essential:

  • An individual with a customer first mindset who is easy to do business with and makes people feel special, driven to deliver experiences that are personalised, transparent and dependable.
  • An individual who is results driven, demonstrates tenacity, drive and perseverance, with the ability to deliver in a complex, highly demanding environment.
  • An individual with the ability to combine a short term, pragmatic focus with longer term planning
  • An individual who is resilient, energetic and enthusiastic, able to deliver results under pressure, whilst responding constructively to challenging new ideas and inputs
  • An individual who can challenge existing thinking in a positive way whilst building credibility and trust through experience and personal style
  • A good communicator who can communicate complex ideas
  • An effective team player, actively leads, develops and supports team members

Desirable

  • An individual who enables speed in decision making through establishing alignment, clarity, appropriate resources and sense of urgency whilst bringing others along.
