Requirements

- A strong understanding of malware behaviour, adversary tactics, techniques and procedures, and emerging threats will be critical to success
- Strong hands-on experience in Security Operations Centre or MDR environments
- Deep operational knowledge of SIEM, EDR, Network Intrusion Detection Systems, SOAR, DLP and related security monitoring technologies
- Strong experience with security event triage, correlation, investigation and escalation
- Ability to analyse endpoint, network, identity, cloud and application telemetry in support of complex investigations
- Experience with SIEM query languages and detection logic, such as KQL, SPL, Sigma or equivalent
- Experience tuning security controls and detection content to improve alert fidelity and reduce false positives
- Strong understanding of attacker tactics, techniques and procedures, including MITRE ATT&CK
- Ability to perform host-based and network-based threat analysis
- Experience analysing packet captures, endpoint artefacts, logs, scripts, documents and potentially malicious files
- Strong understanding of the incident response lifecycle, including preparation, identification, containment, eradication, recovery and lessons learned
- Strong understanding of enterprise network architecture, TCP/IP, firewalls, proxies, VPNs, DNS, email security and cloud environments
- Understanding of security protocols, encryption technologies and common authentication mechanisms
- Experience supporting customer-facing technical discussions, including investigation reviews, tuning recommendations and posture improvement activities
- Ability to manage multiple complex incidents and make effective decisions under pressure
- Strong written and verbal communication skills, with the ability to explain technical findings to both technical and non-technical stakeholders
- Experience with Microsoft Sentinel, Microsoft Defender, Splunk, QRadar, CrowdStrike, SentinelOne, Palo Alto, Suricata, Zeek, Snort or similar technologies is highly beneficial
- Experience with cloud security monitoring across Microsoft Azure, AWS or Google Cloud is beneficial
- Experience with threat hunting, detection engineering or purple team activities is beneficial
- Ability to produce clear technical documentation, investigation reports and customer-facing recommendations
- Security industry certifications such as GCIH, GCFA, GCIA, GNFA, GCTI, GSEC, CISSP, CySA+, SC-200, AZ-500 or equivalent are highly beneficial
- Minimum 2–3 years of experience in a SOC, MDR, incident response, CSIRT or cyber security operations role
- Proven experience handling complex security incidents and supporting advanced investigations
- Working knowledge of SIEM, EDR, SOAR, NIDS, DLP and threat intelligence platforms
- Experience working with threat hunting methodologies and security detection frameworks
- Experience supporting customers or internal stakeholders with security optimisation, detection tuning and cyber security posture improvement

What the job involves

In this role, you will act as a Level 3 escalation point within the MDR/SOC function, providing advanced technical support to Level 2 analysts during complex or high-severity investigations. You will be expected to bring deep operational knowledge across modern security technologies, including SIEM, EDR, Network Intrusion Detection Systems, SOAR, DLP and related security monitoring platforms.

The Principal SOC Analyst will support the investigation, containment and remediation of advanced threats, ensuring that incidents are analysed in the correct business and technical context.

The role requires strong hands-on experience in security operations, incident response, threat analysis and detection tuning, as well as the ability to work directly with customers and internal stakeholders to improve detection capability and strengthen cyber security posture.

You will contribute to the continuous improvement of the MDR service by supporting the definition of security monitoring strategies, improving detection logic, tuning security technologies, reviewing investigation processes and advising customers on technical optimisation opportunities.

- Act as the Level 3 escalation point for advanced, complex or high-impact security investigations
- Support Level 2 analysts during complex investigations, providing technical guidance, validation and direction
- Perform in-depth analysis of security events, alerts, logs, endpoint telemetry, network traffic and other relevant data sources
- Lead advanced incident investigations, including scoping, containment, eradication and remediation recommendations
- Analyse malicious activity, suspicious files, attacker behaviour and adversary TTPs
- Support customers from a technical perspective in the optimisation, tuning and improvement of their security monitoring capabilities
- Review and improve SIEM, EDR, NIDS, SOAR and other security tool configurations to reduce false positives and improve detection quality
- Contribute to the development and refinement of detection use cases, correlation rules, alerting logic and investigation playbooks
- Support the definition of customer security monitoring strategies based on risk profile, threat landscape and available telemetry
- Provide technical recommendations to strengthen customer cyber security posture and improve resilience against current and emerging threats
- Conduct threat hunting and proactive analysis based on indicators, behaviours, intelligence and attack patterns
- Document investigation findings, evidence, timelines, containment actions and remediation recommendations in a clear and structured manner
- Prepare and deliver technical reports to customers, partners and internal stakeholders
- Monitor trusted sources for emerging threats, vulnerabilities and adversary activity relevant to customer environments
- Contribute to the continuous improvement of SOC processes, procedures, documentation and knowledge base material
- Support mentoring and technical development of Level 1 and Level 2 analysts where required