$3000 to $7000 (Monthly)
GSOC L2 Analyst
LSEG Security Operations is a central function employing people, process and technology to continuously monitor and respond to cyber security incidents. Security Operations spans multiple domains including cyber threat intelligence, cyber threat detection, data loss prevention and cyber incident response.
This role is a GSOC L2 Analyst for the Global Security Operations Centre (GSOC). The role is responsible for identifying and responding to cyber security incidents and enhancing the defensive capabilities of the GSOC.
The ideal candidate will have a strong technical background, with a firm understanding of modern attack techniques coupled with knowledge of the typical lifecycle of an attack.
Role operates on a shift rotation. Shifts are 07:00 – 19:00 or 08:00 – 20:00 (subject to UK BST) using a 4 days on, 4 days off rotation.
• Triage security events and employ a methodical and coherent response to security incidents adopting playbooks where necessary.
• Competently operate a chosen SIEM (e.g. Splunk/QRadar/LogRhythm) for incident investigations, or for the development of monitoring dashboards.
• Utilise playbooks, existing knowledge and accurate online resources for guidance when responding to incidents.
• Utilise online resources for researching and collecting threat intelligence to enhance the SOC’s abilities to detect cyber-attacks.
• Develop new, or improve existing run books and use cases based on investigations and knowledge of modern attacks.
• Stay up to date with current vulnerabilities, attacks, and countermeasures.
• Identify, respond and remediate cyber events generated through monitoring technologies.
• Preferred experience with operating or administrating a SIEM (e.g. Splunk/QRadar/LogRhythm).
• Strong working knowledge of networks including the TCP/IP stack, typical organisation architectures, and common protocols abused by malware.
• Experience in security event analysis & triage, incident handling and root-cause identification.
• Understanding of tools, techniques and procedures that attackers use to compromise organisations, ideally from direct experience.
• Knowledge of cyber security either academically or within corporate environments.
• Ability to work with a sense of urgency while remaining calm under pressure.
• Strong verbal and written communication and collaboration skills.
• Security industry specific and core technical accreditations such as OSCP, GIAC, CCNA.
• Certification demonstrating SIEM operational competences.
• Competent with one or more programming languages (e.g. Python, PowerShell, Java, C#).
More about MAPLEBLOSSOM