Cyber Defence - Global Security Operations Centre (GSOC) Level 2 Analyst

Taguig, Metro Manila, Philippines. Poland

  • 202601093
  • Taguig, Metro Manila, Philippines
  • Poland

Description

As part of the Cyber Defence team in the Global Security Operations Centre, you will provide security monitoring, triage, and investigation of potential incidents, and help to constantly improve the ways that the team works so that we can keep up with the latest threats against our business.

Fast and effective identification and triage of potential incidents is essential for us to protect our critical data and assets, and you will be at the forefront of this exciting area of Cyber Security, protecting the business and our interests daily.

You will need good technical aptitude, a calm approach under pressure, excellent communication skills with technical and non-technical audiences, and a genuine passion for security.

The Role

▪ Perform investigations on security incidents, detect potential threats via log analysis, and leverage tools including SIEM, UEBA, and EDR.
▪ Ensure that there is a timely response to any cyber incidents to minimize the impact to the business, including interacting with different technical teams and business stakeholders where needed.
▪ Act as the primary escalation point for L1 analysts on complex incidents, performing investigations and root cause analysis, initiating containment actions, and collaborating with L3 analysts and other teams as required.
▪ Escalate high/critical severity incidents to the appropriate escalation team according to the established process.
▪ Safely acquire and preserve the integrity of cyber security data required for incident analysis to help determine the technical/operational impact, root cause(s), scope, and nature of incidents.
▪ Act as the escalation point for process and/or technical advice to L1 analysts.
▪ The L2 analyst also acts as a shift lead, managing shift workload to ensure incidents and tasks are appropriately assigned and handled within the shift.
▪ The L2 analyst is also responsible for preparing and sending the end-of-shift report to the Leadership team.
▪ Lead and document handover calls to ensure all updates, unassigned tickets, pending tasks, and ongoing investigations are effectively communicated to the next shift.
▪ Perform quality audits of tickets handled by L1 analysts to ensure incidents were handled in accordance with established processes.
▪ Recommend alerts for tuning to minimize false positives and improve the business's security posture against threat actors.
▪ Contribute to SOC process maturity and continuous improvement by creating and updating process documentation and knowledge base content, and by enhancing alerts through tuning activities.
▪ Provide in-shift guidance, training, and mentorship to help new joiners and L1 analysts develop operational skills.

Qualifications

The Requirement

▪ Work as part of a 24/7 SOC across multiple locations, requiring strong teamwork and the ability to collaborate with internal stakeholders and colleagues to consistently deliver exceptional service and support.
▪ 4-5 years' experience working as part of a mature cyber defence centre or security operations centre.
▪ Ability to troubleshoot and research security issues effectively, and communicate clearly with technical and non-technical stakeholders, maintaining professionalism.
▪ Effectively manage time and reliably complete assigned tasks/incidents within shift.
▪ Hands-on experience using a SIEM, UEBA, and EDR as a security analyst.
▪ Lead investigations and collaborate with business stakeholders to ensure thorough analysis and resolution of security alerts and incidents.
▪ Great verbal and written communication skills, and the ability to write reports in a structured methodology.
▪ To be inquisitive, with a strong sense of personal responsibility for learning and self-development.
▪ Ability to identify common attack techniques within the context of specific technologies.
▪ Working knowledge of Linux, macOS, and Windows operating systems.

Beneficial:
▪ Any relevant security certifications (SC-200, SC-900, Security+, CySA+, CASP+, etc.).
▪ Any relevant network certifications (Network+, CCNA, etc.).
▪ Knowledge of other key IT fields (such as web application firewalls, databases, Active Directory, data loss protection, EDR solutions, SIEM, and network security systems such as web proxies and firewalls).

WTW is an Equal Opportunity Employer

Unsolicited Contact

Any unsolicited résumé or candidate profile submitted through our website or to the personal e-mail accounts of Willis Towers Watson employees is considered the property of Willis Towers Watson and is not subject to payment of agency fees. To be a recruitment agency/search firm authorized by Willis Towers Watson, the agency must have an existing formal written agreement signed by an authorized Willis Towers Watson recruiter and an active working relationship with the organization. Résumés must be submitted in accordance with our candidate submission process, which includes actively participating in the specific search. Likewise, for our authorized recruitment agencies/search firms, if the candidate submission process is not followed, Willis Towers Watson will not pay agency fees. Willis Towers Watson is an equal opportunity employer. If you would like us to keep your contact information on file for future consideration, please e-mail: Agency.inquiries@willistowerswatson.com.
