SOC Cyber Analyst
Hereford Based
£75.48 hour Umbrella Inside IR35
12 Month Contract initially.
This is a great opportunity to work within one of the UK's leading Defence organisations based Hereford.
Typical duties include (but are not limited to):
* Alert Triage: Review and assess alerts escalated by the outsourced SOC; validate their accuracy and determine potential impact.
* Initial Investigation: Perform first-line investigation using available tools (SIEM, Device Logs, firewall logs and SIEM alerts).
* User Interaction: Engage with affected end users or asset owners to collect additional information, verify events, or guide immediate containment steps (e.g. asset isolation, password reset).
* Escalation: Escalate confirmed or high severity incidents to the Level 2 SOC (outsourced) or internal incident response teams, ensuring complete and accurate handoff documentation.
* Incident Documentation: Create and maintain detailed case notes, timelines, and evidence within the case management system to support investigations and compliance requirements.
* Collaboration: Serve as the coordination point between the security team and the external SOC partner, maintaining strong communication and situational awareness.
* Playbook Execution: follow established triage and escalation playbooks; suggest improvements based on recurring issues or inefficiencies.
* Threat Awareness: Maintain awareness of current cyber threats, attacker techniques (MITRE ATT&CK), and industry trends relevant to the organisations threat landscape.
Knowledge:
Essential:
* 2-4 years of experience in a SOC, IT Operations, or security support role.
* Understanding of key security concepts including malware, phishing, lateral movement and privilege escalation.
* Working knowledge of network fundamentals, windows/Linux system logs and authentication systems.
* Working knowledge of SIEM platforms (e.g. Microsoft sentinel, Splunk, Elastic, QRadar).
Desirable:
* Awareness of security frameworks and methodologies (NIST CSF, MITRE ATT&CK, ISO27001).
Skills:-
Essential:
* Familiarity with ticketing and case management systems (e.g. Jira, The Hive 5, ServiceNow etc).
* Strong analytical mindset and the ability to interpret logs and alerts.
* Excellent written and verbal communications skills â€" able to communicate technical findings to both technical and non-technical stakeholders.
Desirable:
* Experience working alongside or within a Managed Security Service Provider (MSSP) or outsourced SOC.
* Basic scripting or automation knowledge (PowerShell, Python, or Bash) is a plus.
Desirable:
* CompTIA Security+, CySA+ or other entry level certification
For more information please contact Lauren Morley at JAM Recruitment or click apply.
