SOC Analyst
£75.48 p/hr (Inside IR35)
Onsite Hereford
12 months
Level 1 SOC Cyber Analyst to join the TMCT security team to serve as the first internal responder to alerts generated by our outsourced SOC provider. In this role the individual will perform initial triage, conduct low level investigations, interact directly with end users and asset owners, and escalate verified incidents for advanced analysis and response. The level 1 SOC analyst will act as a key link between our internal security team and the external SOC, ensuring that potential threats are quickly validated, documented, and routed through appropriate channels for resolution.
Duties:
- Alert Triage: Review and assess alerts escalated by the outsourced SOC; validate their accuracy and determine potential impact.
- Initial Investigation: Perform first-line investigation using available tools (SIEM, Device Logs, firewall logs and SIEM alerts).
- User Interaction: Engage with affected end users or asset owners to collect additional information, verify events, or guide immediate containment steps (e.g.asset isolation, password reset).
- Escalation: Escalate confirmed or high severity incidents to the Level 2 SOC (outsourced) or internal incident response teams, ensuring complete and accurate handoff documentation.
- Incident Documentation: Create and maintain detailed case notes, timelines, and evidence within the case management system to support investigations and compliance requirements.
- Collaboration: Serve as the coordination point between the security team and the external SOC partner, maintaining strong communication and situational awareness.
- Playbook Execution: follow established triage and escalation playbooks; suggest improvements based on recurring issues or inefficiencies.
- Threat Awareness: Maintain awareness of current cyber threats, attacker techniques (MITRE ATT&CK), and industry trends relevant to the organisations threat landscape.
Essential:
- 2-4 years of experience in a SOC, IT Operations, or security support role.
- Understanding of key security concepts including malware, phishing, lateral movement and privilege escalation.
- Working knowledge of network fundamentals, windows/Linux system logs and authentication systems.
- Working knowledge of SIEM platforms (e.g. Microsoft sentinel, Splunk, Elastic, QRadar).
Desirable:
- Awareness of security frameworks and methodologies (NIST CSF, MITRE ATT&CK, ISO27001).
Qualifications:
Desirable:
- CompTIA Security+, CySA+ or other entry level certification.
