L3 SOC Analyst - Microsoft MxDR
Posted on :
10-08-2024
Employer Active
1 Vacancy
Job Alert
You will be updated with latest job alerts via emailValid email field required
Send jobs
Share
Send me jobs like this
Job Alert
You will be updated with latest job alerts via emailValid email field required
Send jobs
Job Description
Job Title: L3 SOC Analyst
Location: London (hybrid)
Salary:
Benefits: to be discussed
DWH Recruitment is representing a global accounting and business advisory firm in search for a L3 SOC Analyst to join their Digital Risk Advisory Services.
Theyre a dynamic team of internal auditors accountants technology and business transformation experts with disciplines in finance risk projects and change cyber and digital amongst others.
The team helps clients manage their businesscritical threats such as cyber events and build resilient businesses capable of responding to internal and external events which may interrupt their operations.
Their Digital Advisory business has been experiencing double digit growth consistently for the past three years.
This role involves supporting the delivery of managed detection and response (MDR) services through our clients Digitals global 24/7 MDR capability.
Responsibilities
- Respond to alerts raised by L1/L2 analysts as the technical escalation point
- QA of investigations and notification and direct L1/L2 accordingly
- Perform detailed analysis and undertake an indepth investigation into potential and confirmed security incidents
- Raise incidents where necessary and supporting the SOC manager throughout true positive incidents
- Conduct threat hunting across client environments
- Conduct investigations in support of incidents or key client requests
- Review and action alerts flagged as tuning candidates
- Lead the overall technical delivery of new SOC/MDR projects being onboarded into the service.
- Respond to SOC/MDR client s requests concerns and suggestions
- Onboard log sources and work on any potential log issues.
- Finetune the SIEM/EDR platforms to exclude noise and false positives
- Analyse define and manage the delivery of new monitoring rules
- Conduct use case testing and modify/create as and when required
- Support UK operations manager in client engagements and/or service meetings
- Support and develop new SOC playbooks and processes
- Conduct presentations and updates to the client
- Respond to incident escalations and provide solid recommendations
- Conduct threat hunting exercises on SIEM and EDR platforms
- Develop and improve processes for monitoring and incident qualification
Requirements:
Essential:
- 5 years experience as a SOC Analyst
- Experience onboarding tuning reporting and configuring SIEM solutions
- Indepth experience with Microsoft Sentinel including use case and rule development workbook/playbook creation KQL logic apps/SOAR.
- Understanding of lowlevel concepts including operating systems and networking.
- Understanding of one or more system administration (Linux Windows Mac)
- Actionable knowledge of MITRE ATT&CK framework.
- Excellent interpersonal skills with the ability to explain technical problems to nontechnical business stakeholders at all levels
- Training and coaching skills to support more junior team members
Qualifications
- Experience with various Microsoft technologies including Microsoft Defender for Endpoint Identity and Cloud.
- Related Microsoft Certifications (SC200 AZ900)
- Cyber Security Certifications such as CISSP Security CySA
Full right to work CISSP Security+ CySA + MITRE ATT&CK SIEM solutions Microsoft Sentinel SOC Analyst it security operations Microsoft Certifications Microsoft technologies
Employment Type
Full Time
Key Skills
Report This Job
Disclaimer: Drjobpro.com is only a platform that connects job seekers and employers. Applicants are advised to conduct their own independent research into the credentials of the prospective employer.We always make certain that our clients do not endorse any request for money payments, thus we advise against sharing any personal or bank-related information with any third party. If you suspect fraud or malpractice, please contact us via contact us page.
