SOC Security Engineer - Corsham (onsite) - 15 months
Our client, a market-leading multi-national technology company, is looking for a SOC Security Engineer to join them in Corsham. The assignment is an initial 15-month contract and can offer a competitive daily rate.
Role Overview:
The SOC Security Engineer (Incident & Vulnerability) - L3 is responsible for delivering DCO outcomes across the OpNET platform. The SOC Security Engineer (Incident & Vulnerability) is critical for the deployed environment, ensuring that operational security processes are enacted at every level.
Role responsibilities:
- Day-to-day maintenance of the SOC PROTECT, DETECT and RESPOND tool sets.
- Support for the development, implementation and configuration of new or revised SOC tooling.
- Optimisation and automation across tooling to fully support the PROTECT, DETECT and RESPOND functions.
- Full tooling visibility, and independent assurance, that all assets are visible and managed within the OpNET DCO security wrap.
- Responsible for vulnerability scanning tooling, planning, and contribution to wider SOC strategy.
- Responsible for integration of standard and non-standard logs in SIEM.
- Optimising threat detection products for data loss prevention (DLP), security information and event management (SIEM), advanced email protection, endpoint detection and response (EDR), antivirus and intrusion prevention/detection systems.
- Ensuring vulnerability identification (including IOCs), assessment, quantification and reporting.
- Reviewing and responding to requests for changes to SOC tooling, logging and monitoring.
- Writing detection signatures, tuning systems and tools, and developing automation scripts and correlation rules.
- Maintaining knowledge of adversary tactics, techniques, and procedures (TTPs).
- Conducting forensic analysis on systems and engaging third-party resources as required.
- Ensuring incident identification, assessment, quantification, reporting, communication, mitigation and monitoring.
- Ensuring adherence to policy, process and procedure, and driving process improvement to achieve operational objectives.
- Initiation of corrective action where required.
- Ensuring daily management, administration and maintenance of security devices to achieve operational effectiveness.
Skills required:
- The highest level of clearance is preferred for this role; candidates without the clearance will be considered.
- Strong hands-on experience in the implementation, maintenance and configuration of a variety of SIEM and SOAR platforms (including Splunk, ELK, Elastic and Security Onion v2).
- Experience in forensics, malware analysis, threat intelligence.
- Exposure and hands-on experience with a variety of SIEM and SOAR platforms (including Nessus, Greenbone, Nipper, BMC Discovery, McAfee ePO, Tanium, Tripwire and WhatsUp Gold).
- Ability to understand, modify and create threat detection rules within SIEM.
- Ability to correlate data from multiple data sources to create a more accurate picture of cyberthreats and vulnerabilities, managing and engineering dashboards.
- Knowledge and experience with the Windows and Linux operating systems.
- Experience using Python, Perl, PowerShell, BASH or an equivalent language.
- Experience with network forensics and associated toolsets and analysis techniques.
- Ability to reverse engineer malware and then create IOCs and rules for the SIEM.
- Understanding of log collection and aggregation techniques: Elasticsearch, Logstash, Kibana (ELK), syslog-ng, Windows Event Forwarding (WEF), etc.
- Able to tune correlation rules and outcomes via SIEM and SOAR platforms.
- Strong background in analysis of attacker Tactics, Techniques and Procedures (TTPs) and Indicators of Compromise (IoCs).
- Understanding of intrusion detection systems, web application firewalls, and IP reputation systems.
- Technical understanding of current cybersecurity threats and trends.
- Familiarity with the MITRE ATT&CK adversarial framework.
- ITILv3/v4 Foundation.
Desirable qualifications:
- CompTIA A+.
- CompTIA Security+.
- CompTIA CySA+.
- CompTIA PenTest+.
- SANS 504 - Incident Handling.
- SANS 511 - Continuous Monitoring.