Senior SOC Analyst, Group Tech

Location: Greater Kuala Lumpur, Malaysia. Employer: Hong Leong Bank Berhad. Employment type: Full time.

Overview:
We are seeking a highly motivated and experienced Senior SOC Analyst to join our growing security team. This pivotal role leads our incident investigation and threat hunting efforts: developing and executing proactive threat hunting strategies across our environment, driving continuous improvement by tuning detection logic and providing data-driven recommendations that strengthen our overall security posture, and mentoring the next generation of security professionals. This role reports to the Head of SOC.

Responsibilities:

Operational:

  • Provide comprehensive detection capability by leveraging the Security Operations Center (SOC), Security Information and Event Management (SIEM) and Cyber Threat Intelligence (CTI) platforms, including continuous optimization of SOC and SIEM use cases and timely implementation of service improvements.
  • Execute SOC playbooks and maintain the knowledge base to minimize the impact of security incidents, and perform detailed investigation of affected assets.
  • Coordinate with stakeholders and other delivery practices to address, follow up and resolve security issues as part of the escalation matrix and customer delivery process.
  • Monitor, detect and respond to security incidents: analyze system and network traffic data, security logs and alerts to identify potential attacks; conduct incident investigations and root cause analysis and recommend remediation; escalate and document incidents following defined processes; correlate threat intelligence with internal telemetry to detect risks and ongoing campaigns.
  • Achieve SLA compliance for incident response and resolution timelines, reducing mean time to detect (MTTD) and mean time to respond (MTTR) through proactive threat monitoring and incident advisory, and thereby improving customer satisfaction.
  • Perform security monitoring gap analysis and build the corresponding processes for continuous evaluation and increased detection coverage.

Technical:

  • Monitor OSINT (Open-Source Intelligence), dark web sources, threat feeds and industry reports to identify threats relevant to the organization. Translate threat intelligence into actionable security controls across tools such as firewalls, IPS and malware detection, spanning multiple security vendor platforms.
  • Proactively search for advanced persistent threats (APTs), zero-day exploits and other sophisticated attack techniques within our network and systems. Develop and utilize threat intelligence to identify new indicators of compromise (IOCs) and attack patterns. Leverage security tools (SIEM, EDR, network telemetry, etc.) to uncover stealthy activities and anomalous behaviors. Continuously refine threat hunting methodologies and integrate new techniques.
  • Actively participate in various security projects, contributing expertise and insights from an operational security perspective. Stay current with the latest cybersecurity threats, trends, technologies, and regulations.

Leadership:

  • Provide guidance, coaching and technical mentorship to junior security analysts. Foster a culture of continuous learning and knowledge sharing within the team. Assist in the professional development of team members through training and skill-building initiatives.
  • Translate technical risks into business context and communicate security risks and compliance gaps clearly to various stakeholders. Support security risk evaluation, remediation planning, and process improvements alongside technical and business teams.
  • Participate in various projects and initiatives, providing security guidance and direction while ensuring adherence to security policies and standards.
  • Collaborate closely with respective IT teams (e.g., Network, Database, Application, IT Risk) and business units to proactively identify and address security concerns.
  • Develop and maintain comprehensive documentation of engagements performed, solutions provided, and risks and/or issues identified.

Skills & Experience We Are Looking For:

  • Bachelor's degree in Computer Science, Information Security, or a related field; equivalent practical experience will be considered.
  • Minimum 5 years of hands-on experience in a SOC environment, with a demonstrated ability to carry out the functions of the job and a strong focus on incident response, security operations or threat hunting.
  • Proven experience with Security Information and Event Management (SIEM) platforms (e.g., Splunk, QRadar, Elastic, LogRhythm, Microsoft Sentinel).
  • In-depth understanding of network protocols, operating systems (Windows, Linux), and common attack vectors.
  • Hands-on experience with endpoint detection and response (EDR) solutions.
  • Relevant industry certifications (e.g., GCIH, GCFA, GNFA, OSCP, CISSP, CEH).
  • Experience with scripting languages (e.g., Python, PowerShell) for automation and data analysis.

For more job opportunities, please go to HLB Careers:

We appreciate your application and will be in touch with shortlisted candidates regarding next steps.