Job Ref: RC8968
IT Security
Incident Response Specialist – SOC
Salary: £90k-£95k + Excellent bonus and benefits
Location: London
Job Type: Full Time
The Role:
An experienced Incident Response Specialist is being sought by a leading financial services organisation in the heart of the City of London, based in beautiful offices. You will be responsible for cyber security investigations and incident handling, and will perform security threat analysis of malware, phishing, email and web application attacks. Additionally, you will work with other security teams and various internal teams to contain, remediate and escalate security incidents, while making recommendations to knowledge-based platforms and playbooks and assisting with identifying operational areas for improvement. Finally, your knowledge and experience will be leveraged to support L1 triage activities and L3 threat hunting missions as needed.
Key Responsibilities:
- Lead and coordinate the investigation effort for cyber security incidents from initial escalation through after-action reporting
- Conduct live response analysis, network analysis, log analysis, and malware triage in support of incident response investigation
- Effectively communicate investigative progress, findings, opportunities and challenges to Incident Management team
- Manage intake of incidents and reports from internal customers, using the internal ticketing system in a timely and accurate manner
- Identify and triage security incidents such as Malware, Phishing and Web Attacks
- Serve as Subject Matter Expert for cyber security incidents in meetings with internal and external teams
- Provide leadership, knowledge transfer and mentoring of junior Security Specialists as part of normal IT and business activities.
- Provide assistance and guidance to the L1 Event Monitoring and Triage team by monitoring the SIEM, CSOC mailboxes and the case management system for attacker activity
- Provide assistance and support to the L3 Advanced Threat Detection team through execution of developed threat hunting missions, threat research and profiling of potential threats
Key Requirements:
- Minimum 4 years of Enterprise Incident Response and/or Security Operations Centre experience
- Minimum 4 years of experience with standard Enterprise-class security stack (Firewall, IDS/IPS, Antivirus, SIEM, Web Proxy, Web Application Firewall)
- Minimum 1 year of Hypothesis-based Threat Hunting in an Enterprise environment
- Functional knowledge of Cyber Security and Incident Response foundations, theory, terminology (Kill Chain, TTPs, APT, IOCs, etc.)
For a full consultation on this role please email your CV to Arc IT Recruitment.