SOC Security Engineer

Location
Corsham, Wiltshire
Job Type
Contract
Posted
16 Sep 2022
SOC Security Engineer (Incident & Vulnerability), L3 (on-site). Active Security Clearance required.

Our client, a market-leading multinational technology company, is looking for a SOC Security Engineer to join them in Corsham.

Role overview

The SOC Security Engineer (Incident & Vulnerability) - L3 is responsible for delivering DCO outcomes across the OpNET platform. The role is critical for the deployed environment, ensuring that operational security processes are enacted at every level.

Role responsibilities

  • Day-to-day maintenance of the SOC PROTECT, DETECT and RESPOND tool sets.
  • Support for the development, implementation and configuration of new or revised SOC tooling.
  • Optimisation and automation across tooling to fully support the PROTECT, DETECT and RESPOND functions.
  • Full tooling visibility, and independent assurance, that all assets are visible and managed within the OpNET DCO security wrap.
  • Responsibility for vulnerability scanning tooling and planning, and contribution to the wider SOC strategy.
  • Responsibility for the integration of standard and non-standard log sources into the SIEM.
  • Optimising threat detection products: data loss prevention (DLP), security information and event management (SIEM), advanced email protection, endpoint detection and response (EDR), antivirus, and intrusion prevention/detection systems.
  • Ensuring vulnerability identification (including IOCs), assessment, quantification and reporting.
  • Ensuring incident identification, assessment, quantification, reporting, communication, mitigation and monitoring.
  • Reviewing and responding to requests for changes to SOC tooling, logging and monitoring.
  • Writing detection signatures, tuning systems and tools, and developing automation scripts and correlation rules.
  • Maintaining knowledge of adversary tactics, techniques and procedures (TTPs).
  • Conducting forensic analysis on systems and engaging third-party resources as required.
  • Ensuring adherence to policy, process and procedure, and driving process improvement to achieve operational objectives.
  • Initiating corrective action where required.
  • Ensuring daily management, administration and maintenance of security devices to achieve operational effectiveness.

Skills required

  • Active Security Clearance.
  • Strong hands-on experience in the implementation, maintenance and configuration of a variety of SIEM and SOAR platforms (including Splunk, ELK/Elastic and Security Onion 2).
  • Experience in forensics, malware analysis and threat intelligence.
  • Exposure to, and hands-on experience with, a variety of vulnerability scanning, asset discovery, endpoint management and network monitoring tools (including Nessus, Greenbone, Nipper, BMC Discovery, McAfee ePO, Tanium, Tripwire and WhatsUp Gold).
  • Ability to understand, modify and create threat detection rules within a SIEM.
  • Ability to correlate data from multiple sources to build a more accurate picture of cyber threats and vulnerabilities, and to manage and engineer dashboards.
  • Knowledge of and experience with the Windows and Linux operating systems.
  • Experience using Python, Perl, PowerShell, Bash or an equivalent language.
  • Experience with network forensics and the associated toolsets and analysis techniques.
  • Ability to reverse engineer malware and derive IOCs and SIEM rules from the findings.
  • Understanding of log collection and aggregation techniques: Elasticsearch, Logstash, Kibana (ELK), syslog-ng, Windows Event Forwarding (WEF), etc.
  • Ability to tune correlation rules and their outcomes via SIEM and SOAR platforms.
  • Strong background in the analysis of attacker tactics, techniques and procedures (TTPs) and indicators of compromise (IoCs).
  • Understanding of intrusion detection systems, web application firewalls and IP reputation systems.
  • Technical understanding of current cyber security threats and trends.
  • Familiarity with the MITRE ATT&CK adversary framework.
  • ITIL v3/v4 Foundation.

Desirable qualifications

  • CompTIA A+
  • CompTIA Security+
  • CompTIA CySA+
  • CompTIA PenTest+
  • SANS SEC504 - Incident Handling
  • SANS SEC511 - Continuous Monitoring

If you feel you have the relevant experience and skills required, please do not hesitate to apply now.
Details

  • Job Reference: 714019161-2
  • Date Posted: 16 September 2022
  • Recruiter: Experis
  • Location: Corsham, Wiltshire
  • Salary: On Application
  • Sector: I.T. & Communications
  • Job Type: Contract