SOC Analyst

Role: SOC Analyst (Contract)

Start Date: ASAP

Duration: Inital 6 month contract with possible extension
Location: Hybrid - Andover (onsite 2 days per fortnight)

Rate: Day rate inside IR35, PAYE via a payroll company

• SOC Support, Development and Maturation (SFIA Level 5) deliverables include but are not limited to:
  
• Act as a focal point for Security Incident
  escalation. A focal point for advice, guidance, support and, if
  necessary, action on Security Incidents raised and typical associated
  SOC Level 2 duties.
  
• Support 1st line analyst triage and escalation.
  
• Build/Develop Use Cases – Develop use case and
  facilitation, threat modelling and translation of operational
  requirements into SOC SIEM tool. Focus on insider threat and Data Loss
  Prevention use case to demonstrate the process used by SOC analysts.
  
• Cyber Security Incident Management Plan (SIMP).
  Develop the Cyber Incident Response Plan in line with NIST and SANS
  guidance and incorporating the wider teams. Create supporting
  documentation and guidance for SOC and wider org to follow OOH with
  clear lines to resolver group support.
  
• SOC Roadmap development – assist in Developing SOC in
  line with recommendations, from the Security Architect, industry Best
  Practices and ongoing SOC Security Operations Maturity Assessment
  (SOMA).
  
• IaaS, PaaS and SaaS On-boarding – Work with wider
  development teams and develop, process for log on-boarding and develop
  costing model for SOC.
  
• Official ‘O’ and Software Design Life Cycle ‘SDLC’
  scope out – Review of network diagrams of both environments and
  prioritise log on-boarding into the SOC SIEM tool.
  
• Breakdown of workable project sizes and raise CRQ’s
  with dependent teams for onboarding.
  
• Develop SOC BCDR – Review existing documentation for
  the SOC BCDR and develop process/plan that feeds into the wider process.
  
• Cyber Incident Investigation/Escalation – Reviewing
  vulnerability event channels and identifying issues for escalation to
  different teams.
  
• Training and development – Mentor existing SOC team
  and develop play books and training and development content to enable
  quick upskilling of new starters to the SOC.
  
• Any additional other support or development tasks
  required by SOC Manager or Senior Leadership Team (SLT) within the scope
  of the SOC.
  

• Overall, the Authority’s requirement is for outcomes
  likely to be delivered by poly-skilled resource and the following details
  the skills and experience which are mandatory to ensure the Supplier can
  meet the Authority’s current and potential future requirements for this
  requirement:
  
• Strong knowledge of Cyber Security, with a focus on
  operational security. Such as security monitoring and alerting,
  vulnerability management and incident response. Producing supporting
  security documentation in coordination with stakeholders.
  
• A good all-round knowledge of IT systems and
  Networking.
  
• Experienced in both updating and creating operational
  security processes and procedures.
  
• Comprehensive experience of working in Cyber Security
  Operations Centres (CSOC), with additional knowledge and experience to
  support junior colleagues within the AHE SOC.
  
• Effective communication skills being able to deliver
  technical conversations and presentations to a range of different
  stakeholders.
  
• Network and application security and architecture,
  incident response, forensic investigation, and business continuity
  management.
  
• Knowledge of various Cyber Security Frameworks, Data
  Protection, and bulk data controls.
  
• Hands on experience with security tooling such as
  SIEM and EDR solutions. Technical ability to operate them from both an
  analyst and engineering perspective. (Monitoring, Use Case and content
  creation, upgrades and troubleshooting.
  
• Ideally have professional certification such as GIAC
  GCIH, CISSP, CISM or ISO 27001.
  
• Experience working in a Defence environment.
  
• Experience of managing and/or mentoring technical
  personnel.
  
• Knowledge of on-boarding new log sources into a SOC
  for security monitoring, while exploring relevant Use Cases for the
  respective log sources.
  
• Resources must be free of any commercial ties or
  obligations to any hardware or software vendors