Lead SOC Analyst

The Security Operations Centre (SOC) is part of the Admiral Group’s Security Operations function. The Admiral SOC is looking for an experienced security professional to lead the daily SOC activities in the UK. 

As the Lead SOC Analyst for the Admiral SOC team in the UK, you will be responsible for coordinating the efforts of the analysts to ensure effective monitoring takes place; offering technical guidance during an investigation; reviewing and improving playbooks and processes; contributing to the strategy for the SOC; and management of the team. You will have at least 2 years of management experience and be able to evidence good coaching and leadership practices. You’ll also work with other Lead Analyst(s) within the SOC to maintain a coherent monitoring and detection capability daily. 

The security analyst team is a vital part of the SOC. It works closely with other security operations functions, such as Incident Response, Threat Intelligence, and various technology and business units. 

Responsibilities

• Lead a team of SOC analysts to deliver against SOC monitoring and response strategy. 
• Manage SOC response to escalated cyber security alerts/alarms from the MSSP and/or the triage team. 
• Assess the risk to the business, being prepared to change that assessment in the presence of new evidence. 
• Investigate security cases and work with the other teams to contain and remediate cyber security incidents. 
• Ensure all security events are investigated and documented to completion. 
• Help develop new detection rules for deployment to the security tooling to increase detection coverage and effectiveness. 
• Work with the managed security services provider (MSSP) to review and maintain efficiency. 
• Assist the incident response team with technical analysis and provide timely updates during an incident response investigation when needed. Contribute to process creation, maintenance, documentation and automation as required. 
• Analyse and suggest improvements on rules and playbooks on SIEM/SOAR and EDR platforms. 
• Stay up to date on the changing threat landscape. 
• Support and mentor junior members of the team. 

Key Interactions

• Engage with the overall SOC team. 
• Engage with the Incident Response team when needed. 
• Engage with the Threat Intelligence (TI) team. 
• Engage with various stakeholders within Security Operations as and when needed. 

Knowledge and Experience Required

• 7+ years’ experience in any of the following: security monitoring, incident response, and digital forensics. 
• 2 years experience in managing a security operations team. 
• Understanding concepts/frameworks such as Cyber Kill Chain, MITRE ATT&CK. 
• Analysing security logs/alerts such as those from Firewall, EDR, and AV.
• Experience in alert triage on one or more SIEM (Security Information and Event Management) solutions such as Microsoft Sentinel, Chronicle, Splunk, LogRhythm, and QRadar. 
• Understanding of enterprise-grade technical security controls and in-depth defence practices. 
• Report writing and presentation creation skills relevant to a SOC environment. 

Desirable Skills

• Experience with a SOAR (Security Orchestration, Automation & Response) platform such as Siemplify or Palo Alto XSOAR would be highly advantageous but not mandatory. 
• Experience in developing detection rules on Sentinel or Chronicle platforms would be highly desirable but not mandatory. 
• Familiarity with public cloud platforms such as Azure, GCP and AWS and security practices. 
• GIAC Certifications or equivalent such as the following would be desirable but not mandatory: GCIH, GCFE, GCIA, GDAT, GCDA, and GISP.

Our Commitment to You

At Admiral, we are committed to being a diverse and inclusive workplace. Admiral is proud to be an equal opportunities employer and does not discriminate on the basis of race, sex (including pregnancy, childbirth, reproductive health decisions, or related medical conditions), national origin, gender, gender identity, sexual orientation, disability, age, or any other legally protected status.

All qualified applicants will receive equal consideration for employment.

Salary, Benefits and Work-Life Balance

We do not have a set salary for this position, as it will be dependent on the successful candidate’s experience. We are happy to see CVs from all candidates who meet the requirements and will be happy to discuss the remuneration package.

At Admiral, we are proud to be a diverse business where we put our people and customers first. We have great benefits to ensure employees have a great work-life balance; it's one of the reasons we’re consistently voted one of the Sunday Times Best Big Companies to Work For in the UK. We want you to have an element of freedom to define a working lifestyle that supports this, so accommodate flexible hours wherever possible.

All colleagues will receive 33 days holiday (including banks holidays) when they join us, and this will increase with length of service, up to a maximum of 38 days (including banks holidays). You also have the option to buy or sell up to five days of annual leave in addition to your allocation.

You can also view some of our other key benefits here.

#LI-NT1