SOC Security Engineer

Location:
Corsham
Job Type:
Contract
Industry:
Enterprise Applications
Job reference:
BBBH156530_1654619904
Posted:
28 days ago

SOC Security Engineer - Active SC or DV clearance - Corsham (onsite) - 15 months

Our client, a market-leading multi-national technology company, is looking for a SOC Security Engineer to join them in Corsham. The assignment is an initial 15-month contract and offers a competitive daily rate.

Role Overview:

The SOC Security Engineer (Incident & Vulnerability) - L3 is responsible for delivering DCO outcomes across the OpNET platform. The SOC Security Engineer (Incident & Vulnerability) is critical for the deployed environment, ensuring that operational security processes are enacted at every level.

Role responsibilities:

The day-to-day maintenance of the SOC PROTECT, DETECT and RESPOND tool sets.

  • Support to the development, implementation, and configuration of new or revised SOC tooling.
  • Optimisation and automation across tooling to fully support the PROTECT, DETECT and RESPOND functions.
  • Full tooling visibility, and independent assurance, that all assets are visible and managed within the OpNET DCO security wrap.
  • Responsible for vulnerability scanning tooling, planning, and contribution to wider SOC strategy.
  • Responsible for integration of standard and non-standard logs in SIEM.
  • Optimising threat detection products for data loss prevention (DLP), security information and event management (SIEM), advanced email protection, endpoint detection and response (EDR), antivirus and intrusion prevention/detection systems.
  • Ensuring vulnerability identification (including IOCs), assessment, quantification and reporting, and ensuring incident identification, assessment, quantification, reporting, communication, mitigation and monitoring.
  • Reviewing and responding to requests for changes to SOC tooling, logging and monitoring.
  • Writing detection signatures, tuning systems and tools, and developing automation scripts and correlation rules.
  • Maintaining knowledge of adversary tactics, techniques, and procedures (TTPs).
  • Conducting forensic analysis on systems and engaging third-party resources as required.
  • Ensuring incident identification, assessment, quantification, reporting, communication, mitigation and monitoring.
  • Ensuring adherence to policy, process and procedure, and improving processes to achieve operational objectives.
  • Initiation of corrective action where required.
  • Ensuring daily management, administration & maintenance of security devices to achieve operational effectiveness.

Skills required

  • ACTIVE SC or DV clearance required
  • Strong hands-on experience in the implementation, maintenance and configuration of a variety of SIEM and SOAR platforms (including Splunk, ELK, Elastic, Security Onion v2).
  • Experience in forensics, malware analysis, threat intelligence.
  • Exposure and hands-on experience of a variety of SIEM and SOAR platforms (including Nessus, Greenbone, Nipper, BMC Discovery, McAfee ePO, Tanium, Tripwire and WhatsUp Gold).
  • Ability to understand, modify and create threat detection rules within SIEM.
  • Ability to correlate data from multiple sources to build a more accurate picture of cyber threats and vulnerabilities, including managing and engineering dashboards.
  • Knowledge and experience with the Windows and Linux operating systems.
  • Experience using Python, Perl, PowerShell, BASH or an equivalent language.
  • Experience with network forensics and associated toolsets and analysis techniques.
  • Ability to reverse engineer malware and then create IOCs and rules for the SIEM.
  • Understanding of log collection and aggregation techniques, Elasticsearch, Logstash, Kibana (ELK), syslog-NG, Windows Event Forwarding (WEF), etc.
  • Able to tune correlation rules and outcomes via SIEM and SOAR platforms.
  • Strong background in analysis of attacker Tactics, Techniques and Procedures (TTPs) and Indicators of Compromise (IoCs).
  • Understanding of intrusion detection systems, web application firewalls, and IP reputation systems.
  • Technical understanding of current cybersecurity threats and trends.
  • MITRE ATT&CK adversarial framework.
  • ITILv3/v4 Foundation.

Desirable qualifications:

  • CompTIA A+.
  • CompTIA Security+.
  • CompTIA CySA+.
  • CompTIA PenTest+.
  • SANS 504 - Incident Handling.
  • SANS 511 - Continuous Monitoring.
