Senior Security Analyst

The Security Operations Centre (SOC) is part of the Admiral Group’s Security Operations function. The SOC is looking for an experienced SOC analyst. As a Senior Security Analyst, you will be responsible for responding to and investigating security events within Admiral’s environment as well as proactive threat hunting when not on detection duty. Responsibilities will also include creation of new detection logic when needed, as well as review and improvement of existing logic.

The security analyst team is a key part of the SOC and Threat Hunting function and works closely with other security operations functions such as Incident Response, Threat Intelligence, as well as with various technology and business units.

Responsibilities

• Triage cyber security alarms escalated from MSSP.
• Investigate incidents and work with the other teams to contain and remediate cyber security incidents.
• Develop new detection rules for deployment to the security tooling to increase detection coverage and effectiveness.
• Contribute to the security monitoring, response and threat hunting strategy.
• Work with the managed security services provider (MSSP) to review and maintain efficiency.
• Perform threat hunting tasks to proactively detect threats within our environment.
• Assist the incident response team with technical analysis and provide timely updates during an incident response investigation when needed.
• Ensure all security events are investigated and documented to completion.
• Contribute to process creation, maintenance, documentation and automation as needed.
• Analyse and suggest improvements on rules and playbooks on SIEM/SOAR, EDR platforms.
• Stay up to date on the changing threat landscape.
• Support and mentor junior members of the team.

Key Interactions

• Engage with the overall SOC team.
• Engage with the Threat Intelligence (TI) team.
• Engage with the Incident Response team when needed.
• Engage with various stakeholders within Security Operations as and when needed.

Knowledge and Experience Required

• 5+ years’ experience in any or more of the following: Security monitoring & detections; Incident Response, digital forensics.
• Understanding frameworks such as Cyber Kill Chain, MITRE ATT&CK.
• Understanding of enterprise grade technical security controls and defence in depth practices.

Desirable Skills

• Proficiency with one more SIEM (Security Information and Event Management) platform(s).
• Experience with a SOAR (Security Orchestration, Automation & Response) platform such as D3, Demisto, Chronicle would be highly advantageous but not mandatory.
• Familiarity with public cloud platforms such as Azure, GCP and security practices on those platforms.
• Working proficiency in a programming or scripting language such as Python / PowerShell / Go / C# would be beneficial but not essential.
• GIAC Certifications such as the following would be desirable but not mandatory: GCIH, GCFE, GCIA, GDAT, GCDA, GISP.

Our Commitment to You

At Admiral, we are committed to being a diverse and inclusive workplace. Admiral is proud to be an equal opportunities employer and does not discriminate on the basis of race, sex (including pregnancy, childbirth, reproductive health decisions, or related medical conditions), national origin, gender, gender identity, sexual orientation, disability, age, or any other legally protected status.

All qualified applicants will receive equal consideration for employment.

Benefits and Work-Life Balance

At Admiral, we are proud to be a diverse business where we put our people and customers first. We have great benefits to ensure employees have a great work-life balance; it's one of the reasons we’re consistently voted one of the Sunday Times Best Big Companies to Work For in the UK.

All colleagues will receive 33 days holiday (including banks holidays) when they join us, and this will increase with length of service, up to a maximum of 38 days (including banks holidays). You also have the option to buy or sell up to five days of annual leave in addition to your allocation.

You can also view some of our other key benefits here.