Security Operations Centre Engineer (SOC)
Location: Manchester, Hybrid
Salary: Up to £65K DOE
The SOC Engineer is responsible for delivering 3rd line hands-on technical expertise to support our client in defending our systems from attack whilst maintaining their high availability. They will work within the DAC – a combined Security Operations Centre (SOC) and Network Operations Centre (NOC) to deliver the day-to-day operations of the team.
The DAC team are responsible for leading major incidents, detecting, triaging, and resolving events, managing our threat intelligence activities, ensuring that availability and capacity management targets are met, whilst maintaining visibility and compliance across the organisation.
The SOC Engineer's role is to assess, implement, configure, and optimise our technical security controls, tools, and data feeds to maintain and continuously improve visibility across their environments, and to lead initiatives that improve the security posture and respond to incidents, problems and change requests from a cyber defence perspective.
Requirements:
- Ability to design and implement innovative approaches for detecting and responding to cyber security incidents (e.g. scripting, analytics, automation).
- Proven experience of defending hybrid infrastructure environments, consisting of on-premises and cloud (PaaS, SaaS, IaaS) services.
- Hands on technical experience in SOC operations, with specific focus on configuring and optimising SIEM technologies.
- Extensive experience working with detection and response technologies such as EDR, XDR, SOAR.
- Understanding of the Cyber Kill Chain and MITRE ATT&CK techniques, supported by familiarity with common and the latest forms of malware.
- Hands on experience in incident and problem management.
- Experience of working with hybrid infrastructure environments, consisting of on-premises and cloud (PaaS, SaaS, IaaS) services, with a focus on Microsoft Azure.
- Technical experience in a regulated industry and adhering to various standards and best practices e.g. NIST, ISO 27001, PCI-DSS, CIS.
Main Responsibilities:
- Manage and configure security tools, ensuring optimal performance. Engineer data feeds into security tooling and regularly conduct data ingest reviews to identify any gaps. Conduct periodic audits of security tool configurations to ensure alignment with security policies and best practice.
- Configure, monitor, and maintain firewall rules and endpoint protection solutions.
- Assist with the creation and optimisation of detection rules and alerts. Fine-tune security tool alerts to minimise false positives and enhance detection accuracy. Integrate threat intelligence feeds into security tools for proactive threat detection.
- Plan, scope and execute security audits and assessments. Collaborate with internal and external partners to regularly assess and report on compliance with security standards and implement corrective actions to address compliance gaps.
- Collaborate with incident response teams to provide 3rd and 4th line IR capabilities, act as the point of contact for any 3rd party incident support. This is to ensure a swift and coordinated response to security incidents.
- Assist in the analysis of potential attack vectors and methods employed by threat actors by conducting in-depth analysis of network traffic and host artifacts. Prepare and communicate technical annexes to feed into incident reports.
- Contribute to vulnerability impact assessments, providing security SME assistance to the attack path analysis and review of mitigating controls.
- Work with the change management process to review, test and implement standard, normal and emergency changes.
- Act as a technical escalation point within the DAC Team.
- Provide technical input into the catalogue of DAC runbooks, making sure these are fit for purpose, effective and ready for when needed.
- Take part in continuous improvement activities to drive the maturity of and increase the effectiveness of our services.
- Work across IS to explain DAC Engineering service needs in such a way that they can be fed into project workstreams as requirements, always ensuring they support operational objectives.
- Be a member of the IS Operations on call rota.
If this role sounds interesting and relevant, please apply.