Security Operations Centre (Soc) Engineer

Job Title:Security Operations Centre (SOC) Engineer
Location: contractual base as 3 Hardman Street, Manchester
Working Model: Primarily remote with very occasional travel once a month
Annual Salary Available: up to £65,000 depending on experience
Reporting to: Defence & Availability Centre (DAC) Manager
Hours: Full time (37.5 hours Monday to Friday), with an on-call requirement.

Main responsibilities

• Manage and configure security tools, ensuring optimal performance. Engineer data feeds into security tooling and regularly conduct data ingest reviews to identify any gaps. Conduct periodic audits of security tool configurations to ensure alignment with security policies and best practice.
• Configure, monitor, and maintain firewall rules and endpoint protection solutions.
• Assist with the creation and optimisation of detection rules and alerts. Fine tool security tool alerts to minimise false positives and enhance detection accuracy. Integrate threat intelligence feeds into security tools for proactive threat detection.
• Plan, scope and execute security audits and assessments. Collaborate with internal and external partners to regularly assess and report on compliance with security standards and implement corrective actions to address compliance gaps.
• Collaborate with incident response teams to provide 3rd and 4th line IR capabilities, act as the point of contact for any 3rd party incident support. This is to ensure a swift and coordinated response to security incidents.
• Assist in the analysis of potential attack vectors and methods employed by threat actors by conduct depth analysis on network traffic and hosts artifacts. Prepare and communicate technical annexes to feed into incident reports.
• Contribute to vulnerability impact assessments, providing security SME assistance to the attack path analysis and review of mitigating controls.
• Work with the change management process to review, test and implement standard, normal and emergency changes.
• Act as a technical escalation point within the DAC Team.
• Provide technical input into our catalogue of DAC runbooks, making sure these are fit for purpose and effective ready for when needed.
• Take part in continuous improvement activities to drive the maturity of and increase the effectiveness of our services.
• Work across IS to explain DAC Engineering service needs in such a way that they can be fed into project workstreams as requirements. Always ensuring they support our operational objectives is key.
• Produce, continually improve, and maintain technical documentation for use within the department to ensure the effective use and management of systems. Follow our operational policies and procedures and provide status updates and other reports to stakeholders as required.
• Work with our supply-chain partners to build productive and valuable relationships which can be used and called upon when needed to support our work.
• Mentor other DAC team members in their area of expertise.
• Engage in various IS and business projects. This involves working closely with project managers, other technical staff, and third-party suppliers.
• Produce, continually improve, and maintain technical documentation for use within the department to ensure the effective use and management of systems.
• Identify and develop positive relationships with others across IS. Collaborate with them in the delivery of our joint work to enhance overall service experience.
• Support the rest of our section by inputting into our strategy, BC and DR plans, service improvement activity, audit evidence, and considerations for upcoming projects and releases.
• Be a member of the IS Operations on call rota.
• Any other reasonable duties as may be assigned from time to time.

Person specification / Essential criteria

• Ability to design and implement innovative approaches for detecting and responding to cybersecurity incidents (e.g. scripting, analytics, automation).
• Proven experience of defending hybrid infrastructure environments, consisting of onpremises and cloud; PaaS, SaaS, IaaS services.
• Hands on technical experience in SOC operations, with specific focus on configuring andoptimising SIEM technologies.
• Extensive experience working with detection and response technologies such as EDR, XDR,SOAR.
• Understanding of the Cyber Kill Chain and MITRE ATT&CK techniques, supported by familiaritywith common and the latest forms of malware.
• Hands on experience in incident and problem management.
• Experience of working with hybrid infrastructure environments, consisting of on premises andcloud; PaaS, SaaS, IaaS services, with a focus on Microsoft Azure.
• Technical experience in a regulated industry and adhering to various standards and bestpractices e.g. NIST, ISO 27001, PCI-DSS, CIS.
• Awareness of the latest technological developments and can easily feed these into their areaof work.

Benefits of working at the GMC
We have a wide range of benefits to help us attract and retain talented individuals like you:

• Annual leave - 30 days a year, plus public holidays. You can also buy and sell annual leave(max. 5 days or pro-rata if for part-time).
• Defined contribution pension scheme - our workplace pension operated by Aviva andmembers receive a 15% employer contribution. If you wish to contribute, deductions aremade from your monthly salary.
• Wellbeing - flexible working opportunities, life assurance cover, income protection cover,private medical insurance with AXA Health, employee assistance programme, cycle to workscheme, eyesight tests, hybrid working arrangements for most roles.
• Learning and development - we offer courses, workshops, and online learning on a varietyof topics from management to wellbeing.
• Other benefits - childcare voucher scheme, discounts scheme, season ticket loans.