Security Operations Centre – Azure Security Analyst
Description
As a Cloud Security Analysts within Admiral’s Information Security Department you will be responsible for monitoring and investigating security events which occur with the Azure Cloud environment. The Security Analyst team is a key part of the SOC (Security Operations Centre) and sits alongside the Incident Response, Forensics, Threat Intelligence, Penetration Testing and Security Platform teams.
The Security Analyst team is responsible for monitoring and analysing an array of security tooling such as the SIEM, AV, firewalls and IDS for both on-prem and cloud deployments. The team is threat-led and when there are no alarm/events to be investigated the team performs threat hunting, looking for previously undetected threats.
You should have 3 years experience working in security, 12 months experience with Azure and a confident user of Azure Security Center, LogAnalytics and Sentinel.
Responsibilities
- Monitor security applications and investigate subsequent alerts/alarms.
- Work with the other security/IT teams to investigate, contain and remediate cyber security incidents.
- Develop new cyber alerts for deployment to the security tooling to increase detection coverage.
- Contribute to the security monitoring and response strategy.
- Work with our ‘managed security services provider’ (MSSP).
- Act on intelligence feeds and perform threat hunting being prepared to change that assessment in the presence of new evidence.
- Assist the incident response team with technical analysis and provide timely updates during an investigation.
- Ensure all security events are investigated and documented to completion.
- Analyse and offer improvements against user cases and playbooks.
- Participate in and help coordinate training scenarios to exercise processes, tools and staff across the wider security team.
- Stay up-to-date on the changing threat landscape.
Essential Experience/Skills
- 3 years’ experience in any of the following: Cyber security; IT operations; incident response; forensics
- 1 years’ Azure Cloud Experience.
- Competent user of Azure security tooling including Security Center, LogAnalytics and Sentinel.
- Understanding of the Cyber Kill Chain, MITRE ATT&CK and other information security defence and intelligence frameworks.
- Understanding of enterprise grade technical security controls and defence in depth practices.
Desirable Skills
- Certification in AZ-500: Microsoft Azure Security Technologies
- Proficient with SIEM technologies (Security Information and Event Management).
- One or more of the following:
- CompTIA Certification such as: Security+, CySA+
- GIAC Certification such as: GCIH, GCIA, GDAT, GCDA, GISP, GCFE
- (ISC)2 Certification such as: CISSP
- Diploma or Degree in a technical discipline such as: Computer Science, Engineering, Data analytics, Networking
- Familiarity with other cloud technologies such as GCP and AWS.
- Familiarity with a programming or scripting language.
Location: we are considering remote working (post COVID-19) with 1-2 days at the office per week.
Salary, Benefits and Work-Life Balance
We do not have a set salary for this position, as it will be dependent on the successful candidate’s experience. We are happy to see CVs from all candidates who meet the requirements and will be happy to discuss the remuneration package.
At Admiral, we are proud to be a diverse business where we put our people and customers first. We have great benefits to ensure employees have a great work-life balance; it's one of the reasons we're voted no. 1 in the 2019 Sunday Times Best Big Companies to Work For in the UK. We want you to have an element of freedom to define a working lifestyle that supports this, so accommodate flexible hours wherever possible.
You can also view some of our other key benefits here; https://admiraljobs.co.uk/employee-benefits/.
If you think this role is for you and would like to be considered for this opportunity, please click “apply now” to complete an online application form.
#LI-LP1
